Cybersecurity Risks in the Education Industry


By Chris Williams, Security+

IBM estimates that the average cost of a data breach in the education industry in 2021 was $3.9 million. For some institutions, this amount can be devastating. But there are ways to prepare for and prevent these attacks.

Why the Education Industry is a Hot Target

Schools and colleges hold a large amount of Personally Identifiable Information (PII) required for everyday operation, and cybercriminals want to get their hands on this kind of information. Educational institutions also often have limited resources for network security, along with the complex structures required to grant network access to faculty, staff, students and parents. This can make it difficult to identify vulnerabilities and catch bad actors who may have infiltrated the network.

The Effects of Ransomware on Schools

Earlier this year, a school district in Albuquerque, New Mexico was forced to cancel school for almost a week due to a ransomware attack. The cybercriminal was able to compromise a database that was used to track attendance and emergency contacts for the students. This database also had the contact information for others who were authorized for student pickups.

These types of attacks can happen due to phishing email scams, in which untrained users click on malicious emails that allow the attackers into the network. Phishing attacks are a risk for any organization, but the education industry in particular is at risk for these and other more complex threats — more so than many other industries.


How Do These Attacks Play Out?

If you peruse the headlines of cyberattacks in 2021, you will find that many attacks on schools were carried out by students and many were carried out by remote attackers. Students often have access to the networks. Remote attackers often start by phishing a user on the network. In either scenario the first step of the attack — gaining access — is easy.

To address this, network administrators must properly secure accounts so that each account can perform only the tasks it is assigned and nothing more. Administrators must also be alerted if someone is trying to gain access to information or systems that they should not have permission to see.

The Consortium for School Networking (CoSN) places cybersecurity and the privacy of student data as its top two priorities, but it believes that the risks are generally underestimated. The Center for Internet Security (CIS) estimates that cybersecurity attacks aimed at K-12 school systems could jump to as much as 86% in the coming academic year.

Active Directory Attacks

Active Directory (AD) stores information about objects in the network, including user accounts, servers, computers, data volumes, printers, etc. Active Directory Domain Services (AD DS) stores this information and makes it available to network users and administrators, providing a centralized directory for administering network security and network resources. Securing the domain is essential to the overall security and resilience of an organization.

After gaining access to a network, attackers turn to elevating their privileges in the network. Normally the goal is to gain Admin privileges to Active Directory, which then provides total control over the Active Directory domain.

Some Active Directory vulnerabilities can be patched. However, many of the vulnerabilities that are exploited are due to misconfigurations of:

  • Administrator privileges settings
  • Group Policies
  • Services and Service accounts
  • Old, unused accounts, etc.
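
As an added illustration (not Eide Bailly's audit tooling and not part of the original article), the sketch below shows how three of these categories can be checked from an exported account list: privileged group membership, service accounts holding admin rights, and old or unused accounts. The CSV column names, the sample rows and the 90-day staleness threshold are assumptions constructed for the example; Group Policy review is not covered.

```python
import csv
import io
from datetime import date

# Constructed sample export (not real data); column names are assumptions.
SAMPLE_EXPORT = """sam,enabled,last_logon,groups,spn
jsmith,true,2022-05-02,Staff;Teachers,
svc_backup,true,2022-05-10,Domain Admins;Service Accounts,MSSQLSvc/db01.example.edu
old_coach,true,2020-09-14,Staff,
grad2019,true,,Students,
helpdesk1,true,2022-05-11,Account Operators;Staff,
retired_it,false,2019-01-20,Domain Admins,
"""

# Built-in AD groups whose members hold broad rights over the domain.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                     "Administrators", "Account Operators"}

def audit_accounts(export_text, today, stale_days=90):
    """Return {account: [issues]} for accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        enabled = row["enabled"].strip().lower() == "true"
        groups = {g.strip() for g in row["groups"].split(";") if g.strip()}
        privileged = sorted(groups & PRIVILEGED_GROUPS)
        if privileged:
            # Every privileged membership should be justified by a role.
            issues.append("privileged:" + ",".join(privileged))
        if privileged and row["spn"].strip():
            # A service principal name marks a service account.
            issues.append("service-account-with-admin-rights")
        if enabled:
            last = row["last_logon"].strip()
            if not last:
                issues.append("enabled-never-logged-on")
            elif (today - date.fromisoformat(last)).days > stale_days:
                issues.append("enabled-stale")
        elif privileged:
            # Re-enabling this account would restore admin rights at once.
            issues.append("disabled-but-still-privileged")
        if issues:
            findings[row["sam"]] = issues
    return findings

if __name__ == "__main__":
    for account, issues in audit_accounts(SAMPLE_EXPORT, date(2022, 5, 15)).items():
        print(f"{account}: {', '.join(issues)}")
```
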

Eide Bailly was contracted by a school district to conduct an audit of their AD environment. The district included over twenty-five schools with 14,000 students and 1,800 staff and faculty, and their user accounts totaled over 40,000. The district had recently experienced a major cyberattack and security breach that resulted in a loss of their network for several weeks.

After the district rebuilt their AD environment, they asked Eide Bailly to identify gaps between their current implementation and industry best practices. Our report provided the results of our assessment, including areas of concern in the current control environment along with recommendations for improvements and enhancements.

The results of our assessment included information gathered through an analysis of the organization’s business risks as they relate to information technology, a review of the design and operating effectiveness of the information technology internal control structures, and an evaluation of informal cybersecurity practices that the organization had established.

How Can My Institution Mitigate Cyberattacks?

A proactive stance on cybersecurity can result in major savings for your district or institution. But this proactive approach doesn’t start with your IT department. A true culture of security begins at the top to align cybersecurity goals and business goals. Educating your educators — as well as your students — on what to watch out for is key, as nearly 90% of breaches are a result of human error. With the right preparation and continued vigilance, you can help minimize the impact of this imminent threat.

Need help determining what a culture of security looks like for your institution? We’ve compiled an in-depth guide to cybersecurity.
