Cyberattacks targeting schools in both the US and UK have increased in frequency significantly in 2019, according to research published today.

According to analysis by Barracuda, 2019 has seen almost the same number of incidents targeting schools as 2017 and 2018 combined.

The research also found that 83% of schools in the UK had experienced at least one cybersecurity incident.

This is despite the overwhelming majority of schools following basic cybersecurity principles, with 99% deploying antivirus and firewall solutions.

Schools face full spectrum of cyberattacks

While cyberattacks against schools are increasingly common, their exact nature is varied.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Data breaches were found to be the most common type of cybersecurity incident, accounting for 31% of incidents, while malware came in second at 23%.

Phishing only accounts for 13% of incidents, while hacks of network or infrastructure make up 10%. Distributed denial of service (DDoS) attacks make up just 4%.

Notably, not all cybersecurity incidents are the result of malicious attacks. In 16% of cases, the incident took the form of an accidental disclosure of data.

Insider threat in schools

In a significant minority of cases, the cybersecurity incidents were not the work a malicious third-party, but instead the result of actions by students or staff members – a phenomenon known as insider threat.

Not all of these cases were intentional, however. In many cases, users of the school network accidentally infected it with malware, for example.

However, Barracuda does report that malicious attacks by students are an “increased risk”.

21% of UK schools found evidence of unauthorised use of computers, networks or servers, while analysis of the K-12 Cybersecurity Resource Center, which covers US schools, found that 6% of incidents were the result of intentional student actions.

Protecting against school attacks

For schools looking to beef up their cybersecurity, Barracuda’s advice includes the usual focus on perimeter security, which includes email protection, network and application firewalls and web filters, as well as internal network security, such as data backup solutions, intrusion detection and anti-malware tools.

However, the company also highlights the need for effective capabilities in the event of an incident, so that it can be responded to and resolved quickly and effectively.

And for this, capable and knowledgeable staff is essential.

“Maintaining a capable IT security staff is for many school districts because IT staffing needs often compete with other much needed positions, such additional teachers to keep up with enrollment rates,” the company wrote.

“Without this staff, though, it can be difficult to patch systems and respond to potential incidents or even properly configure security solutions to maximise their benefit.”


Read more: Account takeover attacks: The digital scam taking phishing’s crown