Many education institutions are now using digital tools to put educational materials online, track student progress, share research and manage operations. However, hosting a wealth of data online makes them increasingly vulnerable to cyberattacks.

Education is among the sectors that experience the most cyberattacks, alongside healthcare, finance and retail. According to Check Point’s Mid-Year Report for 2022, the education sector had 44% more cyberattacks than the previous year. An average of about 2,300 attacks against educational organisations were reported weekly.

Why are cyberattacks in the education sector increasing?

Personal data theft

Data theft is common in the education sector as educational institutions collect and store a vast amount of sensitive information about students and staff. This can include personally identifiable information and financial records, such as full name, home address, email address, phone numbers, credit card details or social security numbers. This makes them especially vulnerable to cyberattacks, which can have serious consequences for students, parents and staff, including identity theft, financial loss and long-lasting reputational damage.


Research data theft

Universities and higher education institutions often conduct extensive research, and such intellectual property (IP) can offer a high financial reward for cybercriminals. While university researchers might focus on the prestige of developing techniques and making discoveries, failing to think about the cybersecurity needed to protect this research can leave it vulnerable to data leaks and breaches.


In 2018, over 300 universities worldwide suffered a giant cyberattack from nine Iranian hackers. According to the official report (Sys Group), hackers stole and exposed 31 terabytes of valuable intellectual property and data. Scary stuff.


Budgetary constraints

The education sector is one of the slowest adopters of modern cybersecurity solutions, typically due to a lack of funding. This can lead to the use of outdated technology and insufficient resources to invest in cyber protection solutions. Public schools receive funding from the government, which in turn can result in many budget constraints.

Cybersecurity is often deprioritised in educational institutions in favour of staff salaries, school resources and infrastructure upgrades. However, this has proven to be particularly damaging because it makes them an easy target for cybercriminals. For large and globally recognised institutions, a cyberattack or ransomware attack can have huge implications for a brand reputation that has been built over years.

Lincoln College in Illinois was shut down in 2022 due to a ransomware attack that crippled the entire school. Because the school was already facing budgetary issues due to Covid-19, the college ultimately failed to recover from the cyberattack.


Security lapses due to the global pandemic

The shift of many educational institutions to remote online learning during the Covid-19 pandemic caused a significant increase in cyberattacks against them. With more people now using online platforms for teaching, learning and submitting work, the attack surface and the number of potential targets have increased.


Accenture reported a 125% increase in incident volume since the pandemic hit on a global scale as more schools and universities began using technology and virtual resources during the lockdowns. Students, teachers and administrators are now more vulnerable than ever to cyber threats.


Lack of specialist IT resources

Another factor creating cyber vulnerabilities may be the lack of technical expertise in educational institutions. With the increasing adoption of technology in education, such as learning management systems (LMS), online collaboration tools and virtual classrooms, it has become essential to protect these platforms and associated data from cyber threats.

Where the majority of staff are teachers, administrators and maintenance staff, cybercriminals will target organisations they know are lacking in technical expertise, in the hope that they can prey on unsuspecting students and teachers.

In a Stealth Labs survey of 17 different industries, the education sector ranked last in terms of cybersecurity preparedness. The survey revealed that the education sector is vulnerable in endpoint security, security awareness levels and software updates, all of which are a hacker’s dream to target.


Increased incidents of ransomware attacks

Ransomware is a huge problem for the education sector, but its impact is more than financial. Attacks also disrupt children’s education and cause personal information relating to both students and teachers to be leaked.

In a ransomware attack, cyber criminals block victims’ access to their own data and will release the block only if the victim pays a ransom. The criminals often threaten to release the data publicly if the ransom is not paid. Ransomware attacks can cause severe disruption to accessing critical educational resources and cause significant financial losses.


According to Sophos’s State of Ransomware in Education 2023 report, the education sector recorded a higher share of ransomware victims than any other sector in 2022. The security report was compiled from interviews with 400 IT and cybersecurity leaders globally, split evenly across schools and higher education institutions. It revealed that 79% of higher and 80% of ‘lower’ education institutions were compromised by ransomware over the past year – up from 64% and 56% in 2021, respectively.

Compromised credentials (36%) and exploited vulnerabilities (29%) were the top two most common root causes of the most significant ransomware attacks in lower education. Emails (malicious emails or phishing) were the starting points for nearly one-third of the attacks (30%), suggesting that the sector is highly exposed to email-based threats.

In higher education, exploited vulnerabilities (40%) were the most common root cause of ransomware attacks, followed by compromised credentials at 37%. Together, they account for 77% of ransomware attacks in higher education. Email-based attacks are a less common root cause but still drive 19% of ransomware incidents.


DDoS attacks

Distributed Denial of Service (DDoS) attacks interfere with internet connections and networks, slowing down online productivity. Cybercriminals use DDoS attacks to overwhelm education systems with malicious traffic, causing systems to crash and disrupting services.

Many schools and universities do not even realise they have been the victim of a DDoS attack. Attacks can go unnoticed or be written off as a network fault or an issue with the internet service provider. But combined DDoS and ransomware attacks can cause an institution to shut down for extended periods of time, creating a long-term, negative impact on its reputation.


Phishing attacks

Whilst phishing is a common attack against all industries, this social engineering attack often preys on the insecurities of students or the lack of security training among staff and teachers. Stealth Labs revealed that 30% of users in the education sector have been the victim of phishing – double the rate of the general population.


Cyberbullying and online harassment

Cyberbullying is quickly outpacing the traditional forms of bullying, and the internet is its battlefield. The emergence of cyberbullying brings a new set of challenges because online bullying transcends the school environment.

When students are targeted online, it can create a very hostile and intimidating learning environment. Preventing cyberbullying is not easy: because it happens on the internet, it is difficult to police. However, the best way to prevent it is to treat it as a whole school community issue as well as treating it as another form of bullying within the school’s anti-bullying policy.


Preventative measures

Effective cybersecurity measures are necessary to safeguard educational institutions’ data and systems from unauthorised access, data breaches and cyberattacks. The good news is that schools and higher education institutions can still protect themselves from cybercriminals, even with limited budgets and resources.


  1. Enlist the help of an IT team like Securus to install anti-virus software and endpoint protection. There are many cost-effective services and one-time investments to increase overall cyber resilience. With a few security software updates, your networks and systems will be far safer and will remain protected.
  2. Encourage students and staff to use multi-factor authentication (MFA). When logging into school computers or other devices, students, teachers and other staff members should need to enter not only a password, but also another level of authentication.
  3. Keep compliant. Educational institutions are subject to various regulations and standards related to data privacy, security and compliance, such as the Family Educational Rights and Privacy Act (FERPA) in the US or the General Data Protection Regulation (GDPR) in the European Union. Implementing robust cybersecurity measures helps ensure compliance with these regulations and avoid potential legal ramifications.
  4. Promote cyber awareness and digital literacy. Educating students and staff about cybersecurity best practices, cyber hygiene and digital literacy is essential for building a cybersecurity-aware culture within educational institutions. By raising awareness about common cyber threats, social engineering tactics and safe online behaviour, educational institutions can empower their stakeholders to protect themselves and contribute to a more secure cyber environment.
  5. Invest in cyber incident planning and response training for IT staff. This can help create your own effective cyber incident response plan, which in turn can go a long way in protecting your institution from the financial and reputational damage that comes with a cyberattack.
  6. Conduct ‘live fire’ drills. Like regular fire drills, ‘live fire’ drills involve staging a mock cyberattack during regular school hours. They help students and staff learn how to spot suspicious online activity, and what to do to resolve it.
  7. Use fibre-optic cables to transfer data via laser light rather than legacy copper cabling that transmits data via electrical impulses.
  8. Use low-latency Layer-2 hardware that can forward data using high-speed ASICs at wire speed rather than slower Layer-3 devices that need to make slower routing table lookups.
  9. Deploy caching of L2/L3 forwarding/routing tables to reduce lag created by slow forwarding lookup.
  10. Use local LAN, edge computing and fog computing to keep processing power as local to the user device as possible. Fog computing is a form of distributed computing that brings computation and data storage closer to the network edge, where many IoT devices are located.

In conclusion

Cybersecurity in the education sector is crucial for protecting sensitive data, intellectual property, academic integrity and operational continuity. By prioritising cybersecurity, educational institutions can enhance their resilience against cyber threats and deliver educational services securely and seamlessly.

To find out more about how Securus can help you strengthen your cybersecurity strategy, contact one of our security experts today on 03451 283457.
