In 2022, nearly 2,000 schools across 45 U.S. districts were targeted by cyber attacks, almost doubling the number from the previous year, as reported by Emsisoft.
In 2022, nearly 2,000 schools across 45 U.S. districts were targeted by cyber attacks, almost doubling the number from the previous year, as reported by Emsisoft.
Schools struggle with insufficient funding to combat these cyber threats, according to Josh Heller of Digi International. The Penn Manor School District, with its 5,500 students, is a typical example, generating millions of data points vulnerable to cybercriminals.
These hackers target student data ranging from personal information to academic records, posing a significant risk to their future credit and emotional well-being.
Reisinger, speaking to the U.S. Senate on behalf of the Pennsylvania School Boards Association, underscored the long-term financial and emotional impact of identity theft on students. The challenge is compounded by the vast number of devices and people in schools, creating more opportunities for security breaches.
Warren Young of Absolute Software emphasized the risks associated with lost or compromised devices. Ransomware attacks, which hinder learning by causing downtime and requiring costly recovery efforts, are a primary concern, as noted by Heller.
These attacks also report significant costs beyond financial losses, including the impact on student learning.
Federal funding and regulations are critical in combating cyber threats in schools, with industry professionals looking to the government for solutions. Opportunities for improvement include increased funding and regulatory measures like California's Age-Appropriate Design Code Act.
Reisinger advocates for closing the cyber talent gap through partnerships between schools and local universities, offering internships and apprenticeships.
Young stresses the importance of auditing and encrypting data on school devices, while Heller highlights the role of responsible vendor disclosure and staying informed about potential vulnerabilities.
School districts must be vigilant in identifying and responding to cyber breaches promptly, as emphasized by the IBM Data Breach Action Guide 2022. Multi-factor authentication is essential for security, with experts recommending physical security tokens over SMS confirmations.
Despite the challenges, the cybersecurity industry in education is collaborative, focusing on communal strategies, layered security, and cyber hygiene to protect the educational environment from inevitable cyber attacks.
Jay Goldberg is a staff writer at TechEchelon covering technology, markets, and policy. He files the breaking news and deal coverage that move the publication's core desks.
More from Jay →CISA has confirmed active exploitation of CVE-2026-20253, a critical Splunk Enterprise flaw that allows unauthenticated remote attackers to manipulate files, and ordered federal civilian agencies to patch by Sunday under Binding Operational Directive 26-04.
Market intelligence platform Klue has confirmed attackers stole OAuth tokens connected to customer Salesforce environments on June 12, as the newly emerged Icarus extortion group publicly claims responsibility and the list of affected organizations continues to grow.
Human Rights Watch obtained Bulgarian export licensing records showing surveillance firm Circles sold phone-interception and geolocation tools to ten governments — including the UAE, Bahrain, and Azerbaijan — between 2018 and 2023, raising fresh questions about the EU's export control enforcement.
Written for readers who already know the basics — markets, AI, and the policy decisions that shape both.