CYBER SECURITY IN EDUCATION SECTOR

ACID Technologies helps educational institutions protect themselves by detecting the first signs of an impending cyberattack – as early as in its planning stage – and providing real-time, detailed alerts that enable the targeted institutions to implement effective preventive measures.

ACID Technologies provides the education sector with cost-effective 24/7/365 dark web monitoring services, while also monitoring the deep web and multiple additional sources and platforms. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the targeted educational institute to effectively respond to the threat and mitigate its harmful impact.

Cybersecurity for K-12 schools is increasingly essential

One in four schools were victims of cyberattacks in 2022, based on a survey conducted by Clever, the platform used by more than 70% of K-12 schools in the USA. In 2021, schools with a combined total of nearly a million students were targeted in 67 ransomware attacks, at a cost of more than US$ 3.5 billion in downtime (as reported by Dark Reading in January 2023).

Cybersecurity for Schools and Universities

Following the cyberattack on the Los Angeles Unified School District, which impacted 600,000 students, the FBI, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center released a joint statement revealing that the education sector, and particularly K-12 schools, had been disproportionately targeted in ransomware attacks since mid-2021, adding that these resulted in restricted access to networks and data, delayed exams, canceled school days, unauthorized access to and theft of personal information of students and staff, among others.

Jen Easterly, Director of CISA (the Cybersecurity and Infrastructure Security Agency of the USA), spoke in January 2023 of “massive attacks on K-12 schools”, which she regarded as “target rich, cyber poor”, adding: “What we want to do is to make sure that these entities, which don’t have a lot of resources, have the tools, the resources, the capabilities and the information to be able to protect themselves.”

1 in 4 schools were victims of cyberattacks in 2022

(Clever survey, USA)

The cost of downtime resulting from cyberattacks in 2021 was US$ 3.5B

(Dark Reading, USA)

The number of individual schools impacted by cyberattacks in the USA nearly doubled from 2021 to 2022
(University Business)

Cyber security for universities is also imperative

Data published by University Business in January 2023 reveals that:
  • 45 school districts in the USA were impacted by ransomware attacks, as well as 44 colleges and universities.
  • The number of individual schools impacted by cyberattacks rose from 1,043 in 2021 to 1,981 in 2022 – nearly double (University Business).
  • Data was exfiltrated in 58% of the attacks that took place in 2022, up from 50% the previous year.
  • At least three organizations paid the demanded ransom, including Glenn County Education Office in California, at a cost of US$ 400,000.

The types of attack that cybersecurity for the education sector must effectively counter

According to the GAO (US Government Accountability Office), the main types of attack waged against educational institutions are:

  • Ransomware: In which the victim is required to pay the perpetrators in order to regain access to stolen data and/or prevent its sale on the dark web.
  • Phishing: An attempt to acquire data or other resources by way of a fraudulent solicitation in an email or on a website.
  • Distributed denial-of-service (DDoS) attacks: Preventing or impairing authorized use of networks, systems or applications by multiple machines operating together to overwhelm a target.
  • Video conferencing disruptions: Attacks that disrupt teleconferences and online classrooms, often with pornographic or hate images and threatening language.

Some of the major cyberattacks that highlight the need for effective cybersecurity for schools and universities

  • USA: The most significant attack in 2022 took place in September: The Los Angeles Unified School District sustained a ransomware attack launched by Vice Society, which shut down many of its IT systems. According to the technology website Wired, 500 gigabytes of data were stolen. One of the folders, for example, contained passport scans of pupils and their parents who had gone on school trips in the preceding 11 years. This was the second time in a year that this district, which includes 1,000 schools and 600,000 students, was targeted in a major cyberattack.


    Also in the USA, Des Moines, Iowa’s largest public school district, sustained a cyberattack in January 2023, forcing it to cancel classes.

    In February 2023, Minneapolis Public Schools (MPS, 34,500 students) were targeted in a ransomware attack, affecting its internet system, phones, cameras, building alarms, printers and copiers. The files that had been encrypted in the attack were restored from backups.

    In February 2023 as well, Berkeley County Schools in West Virginia announced that it had experienced a network outage that had limited IT operations throughout the District, and was forced to send 19,000 students home.

  • UK: A ransomware attack was waged in January 2023 against Guildford County School, in which the Vice Society gang stole hundreds of files, shut down IT functions and phones, as reported by Arctic Wolf. The data stolen included confidential information about students defined as high-risk. The stolen files soon appeared on Vice Society’s leak site.


    Also in the UK, a ransomware attack was waged against 16 schools and Hymers College in Hull over the holiday season in December 2022. The cybercriminals demanded a ransom of £15 million in crypto currency to unlock the computers they had hacked.

  • Israel: The Technion – Technical Institute of Israel was targeted in a ransomware attack in February 2023 by a hacker group which is affiliated with Iran’s security and intelligence services. The attackers demanded 80 bitcoin within 2 days, which the Institute refused to pay. The attack appears to be ideologically motivated.
  • Canada: In an attack on the Huron-Superior Catholic District School Board in December 2022, the personal information of the Board’s employees was stolen, raising concerns of identity theft. The affected employees were promised two years of credit monitoring to detect any signs of identity fraud. The hackers later announced that they had deleted the stolen files, which included, among others, dates of birth, social insurance numbers and banking information of Board employees in the preceding 4 years.
  • Australia: Queensland University of Technology was targeted by the Royal ransomware gang in December 2022. In their ransomware notes, which they caused campus printers to print repeatedly – some until they ran out of paper – the attackers stated that they had encrypted and copied the stolen critical data, indicating that they could not only prevent access to this data, but also publish it online unless the ransom was paid. As a precaution, the university shut down many of its IT systems with sensitive data.

Schools and universities are particularly vulnerable; effective cybersecurity for the education sector is imperative!

One of the reasons for the increase in cyberattacks against schools is the widespread online learning during the Covid-19 pandemic. The Clever survey also revealed that in 2022 more than 90% of educators said that they would continue using at least some of the digital tools they had adopted during the pandemic.

According to a report published by Atlas VPN and reported by District Administration, the education sector is the most targeted sector, with 171,000 daily cyberattacks within a 30-day period in the summer of 2022. The second most targeted industry was retail and consumer goods – with almost nine times fewer attacks.

A report titled The State of Ransomware in the US, which was released by Emsisoft, stated that the fact that the number of incidents has not decreased and that ransomware appears to be no less of a problem is concerning, particularly in view of the counter-ransomware initiatives that have been introduced: executive orders, international summits, increased efforts to disrupt the ransomware ecosystem, and the creation by the US Congress of an interagency body, the Joint Ransomware Task Force, to unify and strengthen efforts.

In an admission of the severity of the problem, Steve Otis, Chairman of the New York State Assembly’s Science and Technology Committee, declared that protection against ransomware attacks was the top item on his agenda for 2023.

While this is a step in the right direction, this effort and the counter-ransomware initiatives mentioned above, which are not producing the desired results, only highlight the importance of implementing effective cybersecurity measures to protect the education sector going forward.

For cost-effective cybersecurity for schools and universities, ACID is the solution.

ACID’s cybersecurity solution for schools and universities

ACID offers an exceptionally cost-effective solution for the education sector: It deploys clusters of bots and implements advanced AI algorithms in order to detect the first signs of an attack in the clear, deep and dark web, as well as in multiple other sources, as early as in its initial planning phase. Once such signs are detected, ACID alerts the educational institution in real time, providing all the available information – including screenshots of threats detected on the dark web and deep web, which the institution may be reluctant or unable to access itself. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available. While ACID continuously monitors a great number of sources, if the institution wishes to include additional ones in the search, we are happy to oblige.

The real time alerts provided by ACID at the first hint of an attack, and the subsequent updates with additional information as it becomes available, enable the IT teams of the educational institutions to prepare and implement countermeasures that will mitigate the impact of the attack, or possibly thwart it altogether. Schools and universities are thus supported in avoiding the theft of sensitive data and costly ransom payments, and in maintaining the continuity of their students’ learning activities.

Cybercriminals, aware that educational institutions, from K-12 to universities, hold vast amounts of personally identifiable information (PII) of students, parents, guardians, faculty and staff, as well as other valuable data (medical information and more), identify them as attractive targets.

To illustrate this with two of many examples: The theft of information was at the center of the attacks on Michigan University in August 2023 and Stanford University in October 2023. In the former, the sensitive personal information of some 230,000 students, alumni, and employees was stolen, and in the latter, the Akira ransomware gang claimed to have taken possession of 430 GB of the university’s “private information and confidential documents”.

The lack of sufficient effective cybersecurity safeguards in many educational institutions also contributes to the attractiveness of the education sector, as it increases the chances of success of attacks.

Nearly two-thirds of education facilities reported having been targeted in cyber attacks in 2024, often in ransomware attacks, forcing them to pay millions on average to restore their operation. Among K-12 schools specifically, the incidence of cyber attacks is more than one per day (Varonis).

Verizon’s 2024 Data Breach Investigations Report revealed that in 2023 the educational services sector sustained 1,780 incidents, with 1,537 involving confirmed data disclosure. When compared with data from the previous year, the number of incidents increased by 258%, and the amount of data disclosure by a jaw-dropping 545%. It is believed that this increase is most likely attributable to the MOVEit Transfer vulnerability, which impacted some 900 schools in the USA.

Lower education schools: Sophos found that these had the highest individual rate of attack of any industry in 2023 – 80%, and that 95% of the attackers in attacks sustained in 2024 focused on compromising backups. The company added that the mean ransom paid by them was $7.46 million, which is the highest sum among all sectors.

Higher education institutes: According to data published on the Prey Project website, higher education facilities were confronted with a whopping 70% surge in ransomware incidents in 2024, as compared with 2023.

With ACID’s cost-effective solution, lower education schools and higher education institutes will reduce their risks of ransomware and other cyber attacks, and potentially avoid them altogether, at a cost immeasurably lower than the ransom cybercriminals demand.

The vulnerability of K-12 schools is influenced by a number of factors:

  • Insufficient financial and IT resources, which impede the implementation and maintenance of more modern and effective cybersecurity safeguards.
  • The use of outdated technologies, which are less secure, and also encumber the enhancement of security protocols.
  • Regulatory compliance – regulations are amended from time to time, and meeting them requires policy and procedure updates. In the USA specifically, educational institutions are required to comply with FERPA, the Family Educational Rights and Privacy Act that gives parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education record. Not all K-12 schools have the resources (manpower, time, knowledge) to manage these updates properly and in a timely manner.
  • Rapid integration of digital tools, when unaccompanied by proper training.
  • Use of personal devices by students, when there are no policies and procedures in place to ensure that connecting alternately to secure networks at school and then to public networks which are not secure, and back again, does not leave the door open to cybersecurity risks.

Institutes of higher education are attractive targets for cybercriminals not only because of the immense quantity of personal data they store, but also because of the research they conduct and the appeal of gaining access to hard-gained intellectual property.

The cybersecurity challenges confronting institutes of higher education are influenced by some factors that are unique to them, and others that are shared with educational institutions in general. Some of these, as detailed on the Prey Project website, include:

  • Wider network access points – as these institutions are required to manage multiple entry points which increase the risk of unauthorized access.
  • Numerous users and devices accessing the networks, including not only students and faculty, but also other staff and visitors.
  • Advanced Persistent Threats (APTs), perpetrated by highly skilled attackers, who are often state-sponsored or backed by criminal organizations with considerable resources at their disposal, and characterized by their persistent nature and stealth.
  • Regulatory compliance requirements, which in universities are particularly strict and necessitate robust cybersecurity networks. In the USA, this includes compliance with the Family Educational Rights and Privacy Act (FERPA) – a federal law that affords students from the age of 18 the right to have access to their education records, the right to seek to have their records amended, and the right to have some control over the disclosure of personally identifiable information from the education record.
  • Budget constraints, which universities suffer from as well, although these are often not as severe as in K-12 schools.
  • BYOD – the “bring your own device” trend, which opens new opportunities for persons with ill intent to exploit vulnerabilities and necessitates the rigorous enforcement of specific policies and protocols.

A few of the recent cybersecurity incidents include:

  • In September 2024, a cyber attack forced the Highline K-12 public school system in the area of Seattle, Washington to suspend the educational activities it provides to its 17,000 students for two days. It issued a statement: “We have detected unauthorized activity on our technology systems and have taken immediate action to isolate critical systems. We are working closely with third-party, state, and federal partners to safely restore and test our systems.”
  • In November 2024, the Waterford Campuses of the Irish South East Technological University were targeted in a significant cyber attack, leaving it with no access to online facilities, and forcing it to cancel classes for a day.
  • In August 2024, the University of Paris-Saclay was the victim of a ransomware attack. While the prestigious university did not provide details, it is known that its website was inaccessible for at least three days. It issued a statement that it is supported by the National Agency for the Security of Information Systems (ANSSI) in dealing with the attack.
  • In August 2024, the Mobile Guardian platform was breached and data from at least 13,000 students’ iPads and Chromebooks were remotely deleted. The attack impacted users in North America, Europe and Singapore. Mobile Guardian is a device management application suite for K-12 schools, which includes device management, easy-to-use classroom management tools, secure web filtering and linked parental controls.

ACID’s solution can significantly improve the cybersecurity profile of the education sector – from K-12 schools, through colleges and vocational schools to universities, including those heavily invested in research.

ACID deploys clusters of robots and implements sophisticated algorithms to perform continuous dark web monitoring in order to detect signs of impending attacks even while still in their planning stage, attacks that are in progress, and leaked data indicating that the organization’s systems have been breached. Client-specific keywords are used, and relevant language/s chosen for optimal monitoring results. Once a threat is detected on the dark web, deep web or on any other of the multiple sources monitored, ACID sends real-time alerts to the victim, enabling it to implement countermeasures to diminish the impact of the attack, or perhaps foil it altogether.