Since the pandemic began to shut down organizations across the globe over a year ago, it is being reported that a “record-breaking” amount of cyberattacks targeting schools occurred in 2020. From phishing to ransomware, cyber criminals found new ways to attack schools during the COVID-19 pandemic school closures.

The report, released in early March by the K-12 Cybersecurity Resource Center and nonprofit group K12 Security Information Exchange, informs that 2020 broke records in regards to cyberattacks against public schools. The report details that 408 school cyberattacks occurred, an 18 percent increase over 2019.

The report also states that due to vulnerabilities in the American public school system, cyberattacks against schools have only intensified. Many districts lack the IT staff and protocols needed to protect against cybersecurity threats. Knowing this, cyber criminals took advantage of these vulnerabilities to gain access to sensitive data about students, parents, educators and other school employees.

The report detailed that almost 40 percent of the K-12 cyberattacks involved some sort of data breach or leak, which nearly 12 percent were ransomware-related. Denial-of-access attacks were also a popular method used by attackers in 2020, because this type of attack complicated access to students and teachers for remote learning services.

One emerging trend that schools reported in 2020 were “Cyber Invasions”. During a Cyber Invasion, an attacker gains unauthorized access to events like an online class, or a video conference – during which they interrupt with hate speech, threats, or obscene imagery or audio.

Due to their size and reliance on technology for remote learning, larger or higher-income school districts were among the most vulnerable to be attacked, according to the report.

Keith Krueger, CEO of the Consortium for School Networking (CoSN), said that surveys conducted by the consortium found that cybersecurity was a top concern for CTO’s across the nation.  With this in mind, the consortium submitted a petition in February asking the FCC to invest in cybersecurity protections for public K-12 school districts through the E-rate program.

“There’s very little money for districts on the human side. In fact, our surveys show only one in every five school districts has a full-time staff person dedicated to cybersecurity,” said Krueger.  “We’ve got multiple problems, but this problem hasn’t gotten the serious attention that it needs from policymakers.”

In addition to attacks on schools, Amy McLaughlin, Project Director at CoSN warns that since there is very little getting in the way of cyber criminals attacking schools, these criminals can also target high school students approaching adulthood for identity theft.

“The first time a student finds out about that is when they go to apply for things like financial aid for college, and then finding out their credit has be destroyed,” she said.

Cyber attackers are getting better at these types of attacks as well. For instance, Phishing scams targeting remote students and educators often appear to come from recognizable email addresses.

“In a school environment, about 3 percent of teachers click inappropriately on phishing scams,” Krueger said. “That was jumping to 15 to 20 percent from home, so a lot of cyber criminals are getting into the network.”

In 2021, the story remains the same.  Cyber criminals have not eased their attacks against public schools.

CoSN and other education policy organizations have pushed for legislative help, urging support for the ‘Enhancing K-12 Cybersecurity Act’, which would strengthen cybersecurity funding for public schools, as well as help with efforts to track cyber incidents.

“We’re concerned that there isn’t [enough] data collected by the federal government,” Krueger said. “We think that Homeland Security should collect good data that’s actionable.”

McLaughlin believes that cybersecurity awareness among students is critical in the fight against cyber attackers.

“You need teachers to model good digital literacy and good digital hygiene,” she said.

Story via Government Technology