Cyberattacks on K-12 Schools and Higher Education

K-12 schools and universities are increasingly becoming targets for cyberattacks due to the valuable information they hold, such as student and staff personal data, financial information, and research data. Cyberattack statistics include:

Proofpoint found that 90% of higher education institutions experienced at least one successful phishing attack in 2019.

Malwarebytes found that the education sector was the most heavily targeted industry for email-based attacks in 2020, with 44% of attacks targeting education organizations.

The US Government Accounting Office (GAO) analyzed a study to determine the number of students impacted by ransomware attacks from 2018-2021, which showed a sharp increase starting in 2019.


Here are some of the ways these education organizations are being targeted for cyber attacks:

Ransomware attacks

Ransomware attacks involve hackers encrypting a victim’s data and demanding payment in exchange for the decryption key. K-12 schools and universities are vulnerable to these attacks because they often lack the resources and expertise to protect their networks adequately. Education organizations are especially vulnerable to ransomware attacks due to the large amount of valuable data they hold, such as student and staff personal information, financial data, and research data. Ransomware attacks can be devastating to education organizations, causing disruption to learning and potentially compromising sensitive data.

Phishing attacks

Phishing attacks involve sending fraudulent emails or text messages that appear to be from a trustworthy source such as a university IT department or a professor. These messages can contain malicious links or attachments that, when clicked on, can install malware on the victim’s computer or give the hacker access to sensitive information or secure systems. Phishing attacks are a significant threat to universities because they can compromise personal and financial data, as well as intellectual property and research data. Universities often hold a wealth of sensitive information, making them a prime target for cybercriminals. In addition, universities have large and diverse populations of users, including students, faculty, staff, and contractors, which can make it difficult to enforce consistent security practices and policies.

Distributed Denial of Service (DDoS) attacks

DDoS attacks involve flooding a website or network with traffic, overwhelming it and making it unavailable to users. Schools may be targeted with DDoS attacks to disrupt online learning and cause chaos.

Social engineering attacks

Social engineering attacks involve tricking individuals into divulging sensitive information or granting access to secure systems. For example, a hacker might call a school’s IT help desk posing as a staff member and request access to sensitive data or systems.

The GAO also has a recent article about cyberattacks on K-12 schools and what is being done, as well as a podcast.


An overlooked area for cyberattack is the operational technology (OT) and building controls that run the school infrastructure such as HVAC, lighting, access control, elevators, and life safety systems. These systems, which are increasingly connected to the internet can be a gateway IT system or just used for operational disruption. OT systems are often considered more vulnerable to cyberattack as these systems do not typically use IT-based operating systems for which there are numerous cybersecurity solutions. OT systems can be protected with other methods, including a zero trust approach that requires all devices to be mutually authenticated before they can communicate.