International. According to the cybersecurity company WatchGuard, cybercriminals target educational institutions for the sensitive data they handle: personal information of students and employees, research and intellectual property.
With tight technology budgets and often weak defenses, many of these organizations are easy prey for increasingly complex cyberattacks, putting their reputations and operations at risk.
In 2023, the education and research sectors were the most affected by cyberattacks, recording an alarming weekly average of incidents, according to Statista. A total of 1,780 attacks occurred over the past year, of which 1,537 were the result of sensitive data breaches, according to Verizon's Data Breach Investigation Report (DBIR).
This represents a 258% increase in total incidents compared to the previous year and a staggering 546% increase in data breach cases. These figures highlight the urgency of improving cybersecurity measures in educational institutions.
Recently, the Highline Public Schools district, which serves about 17,500 students south of Seattle, suspended classes due to a cyberattack. In a statement issued on Sunday, September 8, the district confirmed that it had detected unauthorized activity in its systems. According to a spokesman, as of Sunday afternoon experts had found no evidence of theft of personal information from employees or families. However, the attack knocked key systems offline, affecting communications, school transport logistics and attendance records, forcing classes to be cancelled for a few days.
The 3 main attack vectors
The DBIR report also notes that the majority of security breaches in the education sector, around 90%, are caused by system intrusions, social engineering, and human error. Institutions are advised to follow some practical advice to protect school systems from these cyber threats:
1- Apply measures to protect networks and devices:
First, it's essential to keep your software and hardware up to date, as this protects against known vulnerabilities. Using content filters and segmenting the network to limit access and contain potential security breaches is also key. Establishing strong password and personal device usage (BYOD) policies is also crucial. Setting up separate Wi-Fi networks for personal, school, and guest devices and mobile device management (MDM) ensures robust protection and compliance with cybersecurity regulations.
2- Cybersecurity awareness:
Cybersecurity education is critical to protecting schools. Regularly training students and staff, conducting attack drills, and fostering a culture of security promotes shared responsibility. In addition, specific programs for the use of personal devices and workshops for parents ensure comprehensive protection at school and at home.
3- Implement basic cybersecurity tools:
Schools should implement continuous monitoring solutions to quickly detect and respond to any suspicious network activity and use a VPN to secure off-campus connections. Protecting identities is also key in schools. This requires tools such as role-based access, which limits the information available based on responsibilities, and contextual access control, which adjusts security levels based on user location and behavior. Implementing multi-factor authentication (MFA) is crucial, as it helps reduce intrusions, social engineering, and human error.
The critical need to implement robust security measures is growing as schools continue to integrate more technology into their daily activities, such as online learning platforms and cloud-based attendance and grading systems. MFA provides an extra layer of protection, making it difficult for unauthorized users to gain access, even if they manage to get past one of the defenses.
By incorporating authentication through mobile apps and push notifications, MFA simplifies the access process for students and teachers, dramatically reducing reliance on vulnerable passwords. In addition, centralized cloud management allows institutions to exercise full control over access and configure security policies tailored to their needs.
