The education sector faces an escalating cybersecurity threat as schools and universities increasingly rely on digital infrastructure. In 2023 alone, cyberattacks exposed vulnerabilities in major school systems, underscoring the urgent need for stronger defenses. For example, the MOVEit breach compromised the personal information of students and staff across 3,500 U.S. schools. At the same time, the Los Angeles Unified School District (LAUSD) faced an attack that exposed student data on the dark web. Cybercriminals even tricked New Haven Public Schools administrators into transferring nearly $6 million to fraudulent accounts. These incidents reveal the complex digital landscape that educational institutions must secure as they manage sensitive data, from student records to financial information, while operating in an inherently open environment that can attract cyber threats.
Microsoft’s recent cybersecurity report, “Cyber Signals Issue 8 – Education under siege: How cybercriminals target our schools,” identifies educational institutions as prime targets, with an average of 2,507 attacks per week. The sector’s reliance on legacy and modern IT systems, compounded by staffing and resource limitations, makes it especially vulnerable to malware, phishing attempts, and IoT-based attacks. The diverse user base—including students, teachers, and administrators—adds to the complexity, as personal and often unmanaged devices connect to school networks, heightening the risk. Microsoft reports that the education sector’s openness and numerous external connections leave schools susceptible to cybersecurity breaches.
Digital Transformation
Digital transformation in education has expanded these risks. Microsoft’s report emphasizes the increased use of virtual learning, personal devices, and cloud storage, which have expanded the digital footprint of schools and universities. Now, even students as young as six have access to school networks, and cyber threats are growing in response. For example, QR codes, commonly used in emails and campus flyers, are increasingly weaponized by cybercriminals who use them to steal login credentials or deploy malware. The United States Federal Trade Commission has warned about the risks posed by malicious QR codes, and Microsoft data shows that educational institutions encounter over 15,000 such threats daily.
In addition to financially motivated hackers, educational institutions are targeted by nation-state actors due to the sensitive intellectual property they handle. Universities engaged in federally funded research or projects in fields like technology, defense, and nuclear science are often targets of international cyber actors. For example, Iranian hacker groups, including the Mabna Institute, have targeted universities globally to steal research data and access library systems, while North Korean actors like Emerald Sleet use social engineering and AI-generated scripts to extract strategic intelligence from experts in East Asian policy.
Collaboration
Schools and universities face unique challenges in balancing cybersecurity with the openness essential to academic collaboration. This need for accessibility makes them vulnerable to threats through open email systems and access platforms. According to the UK’s Department of Science Innovation and Technology, 43% of higher education institutions experience weekly cyberattack attempts, underscoring the global scale of the threat. Additionally, the rise of AI in education adds complexity, as cybercriminals target AI-enabled systems and sensitive datasets, potentially compromising research and national security.
Institutions across the U.S. are starting to strengthen their defenses. The Arizona Department of Education, for example, implemented strict policies, blocking all external traffic to its Microsoft 365 and Azure environments. Such zero-trust measures, along with multifactor authentication, stronger password protocols, and digital hygiene education for staff and students, are becoming crucial to protect educational communities. Microsoft’s Corey Lee, an expert in educational cybersecurity, emphasizes the need to prioritize security in education, calling it a unique “industry of industries” that requires a comprehensive approach to defend its wide array of sensitive data.
Proactive Steps
Institutions like Oregon State University (OSU) have taken proactive steps by creating Security Operations Centers (SOCs) and incorporating AI tools to automate threat detection and train student analysts. These efforts help OSU protect its sensitive research within a limited budget, demonstrating how schools can enhance their security posture even with financial constraints.
Schools and universities can better protect their communities and sensitive data by fostering cyber awareness and promoting digital hygiene. As incidents like the MOVEit breach and attacks on LAUSD reveal, educational institutions must adopt comprehensive cybersecurity strategies to safeguard the information and intellectual assets essential to learning and innovation.