Cyber attacks against schools have increased dramatically and this year has already seen nearly as many incidents as the previous two years combined, according to Barracuda, who analyzed data collected by the Cyber Security Documentation Center from kindergarten through 12th grade. . year (K-12 CRC), which tracks reported attacks. against schools since 2016.
So far in 2019, there have been 301 attacks on schools, compared to 124 in 2018 and 218 in 2017. However, these figures relate only to reported cases and it is highly likely that other cases will be reported. it is not reported or even detected due to the use of hidden malware. to steal information, participate in botnets or exploit cryptocurrencies.
In a recent report published by the National Cyber Security Center (NCSC), 83% of the 430 schools in the UK were victims of at least one cybersecurity incident, while 98% of them used antivirus software and 99% firewall protection.
Using a single source of threat data, a list of all known websites owned by American and British schools, the Barracuda researchers found 234 unique malware samples attempting to connect to domain names. # 39; schools. The company also found 123 IP addresses belonging to the same group of schools whose reputation was negative, which could indicate additional malicious activity.
Cyber attacks against schools
Barracuda research found that the most common attacks in schools (31%), malware (23%), phishing (13%), hacking of network infrastructure or schools (10%), and denial of service attacks (4%) ).
This increase in cyberattacks against schools can be explained by a number of reasons, including the fact that many school districts have only one or two computer scientists without cybersecurity personnel. The increase in the number of devices provided by schools in recent years is another factor because it has greatly expanded the attack surface and the number of systems to protect.
Phishing accounted for 13% of the incidents reported to the K-12 Cybersecurity Documentation Center. However, the actual number of incidents related to phishing is probably much higher, as it is unlikely that phishing will be reported at school unless an incident occurs. or that the campaign is important enough to warrant your attention.
To better protect against cyber attacks, Barracuda recommends that schools increase their perimeter security through network firewalls, web filters and email protection, and internal network security. Adaptation to security patches and incident response capabilities. Maintaining a competent IT security staff is also a critical step in preventing cyber attacks.