Despite several high-profile cyberattacks against some of the largest school districts in the country, the education sector saw fewer ransomware attacks compared to this time last year, a new analysis suggests. However, security leaders shouldn’t be too quick to let their guards down as another threat is quickly taking the spotlight.
Last week, the cybersecurity company SonicWall published its mid-year update report in which it identified some of the latest trends and tactics used by cybercriminals. Based on its findings, the researchers offer both good and bad news for K12 leaders to consider ahead of the 2023-24 school year.
A dip in ransomware incidents
Since becoming the number one target for ransomware attacks, several security organizations have advised leaders throughout the education sector to keep a sharp focus on cybersecurity. While this advisory ceases to fade in importance, the number of ransomware incidents against educational institutions actually decreased compared to data taken this time last year, according to the report.
While attacks against higher-ed organizations increased by 6% during the first half of 2023, this minor spike is offset by a significant drop (19%) in incidents against K12 schools, in addition to an “astounding” 95% drop among “other educational organizations.”
However, the education industry continues to be the most-targeted sector compared to government, healthcare, retail and finance.
More from UB: How admissions offices worked around court rulings and tech trends to uphold core values
Malware, the latest threat
Tech leaders through the education industry should keep a watchful eye on malware attempts from cybercriminals, the report suggests. Similar to ransomware, education is also the most common victim of malware attacks.
During the first six months of 2023, this industry saw a 179% spike in overall attack volume compared to the first half of 2022. The attacks are seemingly regular as well, with 16.6% of victims reported being targeted at least once a month.
Again, these trends tell a different story across K12 and higher education respectively.
“Higher education actually saw a decrease in malware attempts in the first half of the year, bringing their total attack volume down 42%,” the report reads. “But this was more offset by a massive spike in malware among K12 organizations, which saw a staggering 466% increase in attacks year to date.
Resources for leaders
While these threats may not be of any surprise to you or your IT department, their sheer scope may be of concern. If that is the case, the U.S. Department of Education offers a variety of resources for K12 and higher education leaders wanting to gain a better understanding of how to mitigate and prevent various cyber threats. Here’s a brief list:
K12
- Addressing Adversarial and Human-Caused Threats That May Impact Students, Staff, and Visitors
- Building Technology Infrastructure for Learning Guide
- Data Breach Scenario Training Kits
- Data Security Checklist
Higher Education
- School Closure Best Practices
- Ransomware Targeting Educational Institutions
- Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)
