Publicly disclosed cybersecurity incidents at US schools surged 18% over the past year to hit a record number of breaches, ransomware outbreaks and more, according to a new report.
Non-profit the K12 Security Information Exchange claimed there were 408 such incidents in 2020, which equates to more than two per school day.
The largest number (45%) were recorded as unattributed malware, class and meeting invasions, email invasion, website and social media defacement, and a large number of “related and/or low-frequency incidents.”
However, over a third (36%) were data breach incidents, 12% were ransomware-related and the rest were recorded as DDoS (5%) or phishing (2%).
The report claimed that a rapid shift to remote learning was to blame for much of this extra cyber-risk. New insecure devices were deployed rapidly to students, teachers had little training and were allowed to use unvetted free apps and services, and IT staff were often unable to physically update and configure devices, it noted.
Worse, many remote learning devices may have been reintroduced to school networks for districts that returned in autumn without proper security vetting.
The non-profit argued that policymakers and school leaders have historically ignored matters of cybersecurity.
“Notwithstanding the heroic education IT-related efforts to ensure remote learning was possible for large numbers of elementary and secondary students and their teachers during 2020, it should hardly be surprising that school district responses to the COVID-19 pandemic also revealed significant gaps and critical failures in the resiliency and security of the K-12 educational technology ecosystem,” it argued.
“Indeed, the 2020 calendar year saw a record-breaking number of publicly-disclosed school cyber-incidents. Moreover, many of these incidents were significant: resulting in school closures, millions of dollars of stolen taxpayer dollars and student data breaches directly linked to identity theft and credit fraud.”