CybersecurityCybercriminals Use Pandemic to Attack Schools and Colleges

By Nir Kshetri

Published 15 September 2021

From Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks, or 63% of all such attacks. Ransomware attacks alone impacted 1,681 U.S. schools, colleges and universities in 2020. Globally 44% of educational institutions were targeted by such attacks.

Cyberattacks have hit schools and colleges harder than any other industry during the pandemic. In 2020, including the costs of downtime, repairs and lost opportunities, the average ransomware attack cost educational institutions $2.73 million. That is $300,000 more than the next-highest sector – distributors and transportation companies.

From Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks, or 63% of all such attacks.

Ransomware attacks alone impacted 1,681 U.S. schools, colleges and universities in 2020. Globally 44% of educational institutions were targeted by such attacks.

study cybercrime and cybersecurity. In my forthcoming book – set to be published in November 2021 – I look at how the shift to remote learning during the pandemic has posed new cybersecurity challenges.

I see six important ways the pandemic has created new opportunities for cybercriminals to attack schools and colleges.

1. Unsafe Devices
Devices that were loaned to students during the pandemic often lack security updates. This is a serious issue since in 2020 alone, 1,268 vulnerabilities were discovered in Microsoft products. One such vulnerability can enable hackers to gain higher-level privileges on a system or network, which can be used to steal data and install malware.

As students, teachers and administrators return to school with devices that haven’t been patched in a while, a large number of vulnerable devices are likely to be reconnected to school networks.

2. Distracted Cybersecurity Staff
The shift to remote learning has also distracted the attention of limited cybersecurity staff from important security issues. In at least one case, persons responsible for cybersecurity were assigned to investigate bad online behavior, such as name-calling, that teachers and administrators handled before.

For most schools, cybersecurity has had to compete with other urgent issues created by the pandemic, such as mental healthvaccines and mask mandates.

3. Victims More Likely to Comply
In 2020, 77 ransomware attacks on U.S. schools and colleges affected more than 1.3 million students and resulted in 531 days of downtime. This downtime was estimated to cost $6.6 billion in economic terms.

The economic impact was based on an estimated average cost of $8,662 per minute. Some cyberattacks during the pandemic completely shut down major school districts for many days.