Well into 2023, it is disheartening to know that K-12 institutions continue to be one of the primary targets of cybersecurity attacks. Cyberattacks such as DDoS, phishing, data breaches, password attacks, man-in-middle attack, and malware on school districts have resulted in monetary losses, the need for additional recovery resources, and loss of instruction time.
While all types of cyberattacks are increasing in districts, for the first time, ransomware incidents were the most frequently disclosed incident type in 2022, with percentages rising from 12% in 2020 to 62% in 2022, according to the Emsisoft 2022 report(opens in new tab). School districts hit by ransomware in 2022 represented 1,981 schools, almost double the number of K-12 schools potentially compromised in 2021. In addition, ransomware groups successfully exfiltrated data from U.S. schools at a rate of two-thirds in 2022, up from half that number in 2021.
“We must ensure that our K-12 schools are better prepared to confront a complex threat environment,” says Jen Easterly, Director of CISA(opens in new tab), the U.S. Cybersecurity and Infrastructure Security Agency, which is partnering with K-12 to bolster security. “As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are working to exploit vulnerabilities in these systems, threatening our nation’s ability to educate our children.”