Elementary and secondary school networks contended with a record number of cybersecurity incidents in 2020 as the pandemic forced millions of children into online learning faster than officials could mitigate a growing landscape of threats, a new report has found.
The 408 publicly disclosed cybersecurity incidents, which ranged from ransomware attacks and data breaches to online classroom invasions and website defacements, represent an 18 percent increase from 2019, according to a report jointly released on Wednesday by the K12 Security Information Exchange and the K-12 Cybersecurity Resource Center.
The number of incidents, equating to a rate of more than two incidents per school day, affected 377 educational organizations in 40 states, the report found.
Thirty-six percent of incidents targeting school networks were data breaches or leaks, the report found, with another 12 percent being ransomware attacks, in which hackers threaten to leak student data to the internet unless they are paid for its safe return. The remaining incidents were Denial of Service, phishing and malware attacks, or invasions of online classrooms.
"2020 offered a profound stress test of the resiliency and security of the K-12 educational technology ecosystem," the report said. "The evidence suggests that in rapidly shifting to remote learning school districts not only exposed themselves to greater cybersecurity risks but were also less able to mitigate the impact of the cyber incidents they experienced."
The report found that incidents in the first quarter of 2020, before the pandemic, mostly tracked with data from previous years. But the threat landscape expanded significantly in the second quarter as schools closed and classrooms rapidly shifted to online learning, with "classroom invasions," often involving shocking or violent content, became more common.
That trend continued into the third and fourth quarters, when a total of 292 incidents occurred, more than 70 percent of the year's total.
The report attributed the rise in attacks following the switch to online learning to increased reliance on thousands of new devices and services given to students and teachers in a short period of time during which they were not adequately trained to secure them properly. As those devices were connected to less secure home networks, they became more vulnerable.
"This suggests that school districts should revisit their contingency plans for continuity of operations during emergencies," the report found. "While no one can predict whether another global pandemic will close schools to in-person learning, important lessons can and should be drawn from this experience to ensure that if such an event (or something like it) occurs again in the future, districts are better prepared."
The report suggested several government initiatives to address the rise in cyberattacks targeting schools, including investing in information security that addresses the unique needs of schools, enacting federal and state laws setting minimum cybersecurity standards, and supporting greater information sharing between schools and security experts.
Bills aimed at bolstering school cybersecurity were introduced during the last session of Congress, but none passed. Sen. Gary Peters, D-Mich., who chairs the Homeland Security and Governmental Affairs Committee, plans to reintroduce bipartisan legislation that would direct the Cybersecurity and Infrastructure Security Agency to develop cybersecurity practices for schools and provide an online toolkit to help implement them, according to CyberScoop.