K-12 Cyber Incidents Increase In 2017

Map courtesy of Doug Levin

Map courtesy of Doug Levin

As K-12 schools increase their use and reliance on digital tools and services, the number of cyber incidents is rising exponentially.

Since Jan. 1, 2016, 141 U.S. K-12 schools and districts experienced one or more publicly disclosed cyber incidents. 67 attacks in 2016, and 74 in these first few months of 2017. If that pace continues, it will be a 100 percent increase in attacks from last year.

This could be due to a few factors: more awareness of criminal cyber activities; more schools using easily hackable technology; more schools relying on digital tools by going 1:1; and hackers looking for easy targets in children and school staff.

Some types of cyber attacks in the schools have been things like phishing attacks to procure personal data, ransomware attacks, denial-of-service attacks, and many other breaches which compromise the safety of the school and its information.

While the amount of cyber incidents is increasing, so is the range of threats. It isn’t just student information that hackers are after, school staff information can be just as valuable to them.

The nation that attacks are always done externally is also being challenged. Based on statistics, a significant portion of incidents are done by staff or students. Students are hacking their own schools to improve their grade or just to cause havoc.

A significant number of these students who were caught hacking into their schools were charged as criminals under state and federal law, and were likely to go to prison if convicted.

The map is based off of publicly reported incidents, which means there could be many more that the public does not know about. Schools rarely want to share bad publicity, or admit that they had weaknesses in their cyber security.

Still, there are good steps schools can take to improve their security, such as:

  • Use special software or hardware to protect data;
  • Create better password and authorization policies;
  • Use secondary authentication methods;
  • Train school staff, particularly about phishing and downloading of unfamiliar files; and
  • Hire more staff with IT security expertise.

Schools shouldn’t wait to bolster their security, because by the time they do, it could be too late.

(Story via THE Journal)