Education in Cybersecurity: The Perspective for The Upcoming Years
In December 2024, PowerSchool—a platform many have never even heard of outside the education sector—made headlines. The company suffered a cyberattack that exposed the personal data of its vast client base, which includes countless school districts and encompasses more than 60 million students around the world. The exact nature of the sensitive data potentially compromised depends on the specifics of each school district affected, but in the worst cases, it could include the names, addresses, social security numbers, medical records, and grades of, primarily, children.
The widespread impact of this attack has made it particularly newsworthy. Yet, targeting educational institutions is not a new strategy by cybercriminals, especially in recent years. Massive attacks have had debilitating effects on various types of organizations (both public and private) and are becoming more common—almost by the month, it seems. Just consider some of the other headline-grabbing attacks from the past calendar year.
Aside from the obvious consequence of exposing the personal data of millions of children, there is hopefully another powerful takeaway from this widely reported incident: cybersecurity education in North America needs to be extended and expanded—especially in the education sector itself. And the sooner, the better.
How Does Cybercrime Work?
Interestingly enough, the education sector is now one of the most targeted industries for malware cybercrime. According to statistics, approximately 80% of lower education providers (K-12 schools) and 70% of higher education providers (colleges and universities) were hit by ransomware in 2023. And that number is rising rapidly.

How does this happen? How do hackers and cyber criminals access such wide, vulnerable systems? Take this hypothetical case study.
Faculty and staff at a BC university receive a very standard-looking email from the IT department requesting a routine password update. Around 10% of recipients don’t open the email, another 10% open the email and decide they’re too busy to respond immediately, and a further 20% do nothing—but 60% click the link and follow the steps to update their password.
There is an issue, however. The email wasn’t from the IT department. It was a (successful) phishing attack by a hacker who now has access to several accounts on the university server. With time, hackers can access important university data, including personal student details, records, research material, and even early-stage intellectual property.
Once the hacker (or group of hackers) has accessed the sensitive information, they have several options for turning a profit. A popular strategy, especially recently, is to hold the data for ransom, threatening to expose the private information of thousands of students and faculty members if the ransom amount is not paid.
The university decides to pay the ransom, not only to prevent sensitive data from being released onto the dark web but also because the hackers have taken control of various essential services needed for the school to run smoothly. But this is the worst-case scenario: the group takes the ransom and still sells the stolen data on the dark web, where it can be bought by cybercriminals from around the world who can use that information to steal someone’s identity, gain access to other important accounts, or continue the cycle of social engineering on bigger targets.
A cybercrime attack on an educational institution is dangerous for its staff and students. It can also severely harm the school’s reputation, or even further damage the public’s already eroding trust in North American institutions. The harm from an attack of this nature is rarely confined to a single individual or group, and the consequences can still be felt for years after the initial attack.
What’s at Risk?
Most cybercriminals aren’t targeting schools, universities, and research institutions because they want to disrupt education, although for any hacker who didn’t like school, that may serve as an added benefit. The main motivation is a more practical one: financial gain. School servers often hold extensive faculty and student records containing information that proves lucrative on the black market, such as social security numbers, financial account information, academic and medical records, and developing research, among other things.
On the dark web, the personal and financial data of an exposed individual can be sold for a wide range of prices. For example, an individual's social security number may go for as little as $1, while passport information can go for as much as $2,000. Information from a security breach may not be bought, sold, or used immediately. Identity theft or fraud can happen up to six years after personal information has been exposed.
What Makes Schools So Vulnerable?
The education sector has historically struggled with inadequate IT resources. In some smaller K-12 districts, the head of IT may also be the history teacher and the track coach. Without sufficient resources, taking adequate steps for proper cybersecurity coverage is often placed firmly on the back burner.
Universities, in particular, encounter struggles due to their decentralized IT systems. Multiple departments may manage their networks and devices, meaning the multiple components aren’t always aware of what is happening within the others—or even the central hub. Lack of general visibility and communication between departments makes it difficult to track all connected devices and enforce coordinated security measures.
In both K-12 schools and universities, students and staff are not commonly well-versed in modern cybercrime and hacking tactics, making them especially vulnerable to phishing attacks and other forms of social engineering. Hackers pointedly exploit this lack of training to gain access to individual accounts, which they can then use to disrupt entire servers.
Rapid Technological Development
In the past five years, the world of education has rapidly adopted new technologies, in part because it needed solutions for the COVID-19 lockdown protocols. Remote learning platforms embraced during the pandemic brought inherent security challenges that schools did not have enough time to counteract.
Additionally, schools trying to adapt to students’ new social reality of using smartphones, tablets, and laptops for daily life implement programs that are helpful for student learning but harmful to online security. Initiatives that aim to give students 1:1 access to personal laptops or tablets in the school environment mean that a student’s official and personal accounts often become one, putting a network at risk for malware infection, unauthorized access, or lost or stolen credentials if the device gets misplaced.
A surprising number of educational institutions continue to use outdated systems and hardware. Unpatched security flaws create an excellent entry point for nefarious actors, and some hackers even target these types of legacy systems due to their relative ease of infiltration.
What Can a Cybercriminal Do?
Young K-12 students have proven that they can launch a Denial-of-Service (DoS) attack to simply disrupt their online classes. It's often done to avoid doing school work or postpone exams. What would that look like? Imagine:
A group of students uses a botnet to overload their school’s network on the morning of their final exams. Flooding the system with excessive traffic allows them to crash the online testing platform, cutting off access to it and forcing the exams to be rescheduled. For the students, it’s just a way to buy more time to study (or even a general act of defiance against testing in the first place)—for the school, it’s a nightmare. The attack triggers other disruptions on critical servers, including email communications and access to grading data.
This imaginary incident has played out in real schools across the United States. It showcases how a relatively simple attack can have widespread effects on day-to-day school operations, even if it's orchestrated by grade schoolers.
Imagine what a professional cybercriminal or hacker can do if a teenager can implement such an attack. DoS attacks are a common tactic hackers use to overload systems, either to demand a ransom or to test potential security weaknesses on a network for possible entry points for a future attack.
Phishing Attacks
Phishing is one of the most common tactics used to gain access to large servers. It describes the process in which a hacker or nefarious agent gains access to a person's credentials by sending them a fake email. Because the email looks convincingly real, it coaxes the recipient into downloading something malicious or entering their details in a way that allows them to be stolen.
Once access has been achieved, attackers commonly introduce ransomware into the system. This malware locks critical systems until the target agrees to pay a ransom to gain back access or defend against the attack in other ways. By then, it's often too late. Even if an institution can regain control of its server, users' data and other services may be fundamentally compromised.
Cybercrime Prevention
When a cyber-attack happens, it doesn’t just impact the school’s IT department. It disrupts the lives of students, faculty, and the institution itself, sometimes for years down the line. Personal information can be stolen and used for identity theft or blackmail. Meanwhile, faculty research can be stolen, and a school’s operations may be shut down for days.
Schools have a legal and ethical responsibility to safeguard this data. Many school boards, policymakers, and communities grapple with how to best accomplish this. Since technology advances at such a breakneck pace, how can institutions keep up, especially with increasingly tighter budgets and less government support?
What Constitutes an Effective Incident Response Plan?
A robust incident response plan encompasses preparation, detection, containment, eradication, recovery, and post-incident analysis. Clearly defined roles, streamlined communication protocols, and regular simulation exercises are integral to reducing recovery time and mitigating risks. Institutions should coordinate with internal and external experts to assess vulnerabilities, evaluate the impact of potential breaches, and ensure that recovery procedures are in line with industry best practices. Investing in specialized education, such as the cheapest online masters in artificial intelligence, can further enhance strategic capabilities and technical readiness for efficient incident management.
Can Emerging Technologies Transform Cybersecurity in Education?
Emerging technologies such as artificial intelligence, machine learning, and advanced data analytics are reshaping cybersecurity strategies within the education sector. These innovations facilitate proactive threat detection and dynamic system monitoring, enabling institutions to anticipate vulnerabilities instead of merely reacting to breaches. Integrating real-time analytics with predictive modeling can help create adaptive defenses that evolve with emerging tactics used by cyber adversaries. Institutions looking to bolster their defensive posture might consider advanced academic programs, including the most affordable online master's in data science programs, which emphasize data-driven decision-making and cutting-edge cybersecurity methodologies.
How Can Interdisciplinary Programs Bolster Cybersecurity Preparedness?
Cybersecurity threats demand an academic approach that crosses traditional disciplinary boundaries. Integrating sector-specific studies with robust cybersecurity training allows institutions to craft a well-rounded defense strategy. For example, healthcare education can benefit from incorporating principles of data protection and digital risk management, preparing professionals to manage both clinical and cyber challenges. Students and professionals may enhance their expertise and adaptability by combining technical learning with industry-specific challenges—such as through most affordable online nursing informatics degree programs—ensuring they are better prepared to address emerging vulnerabilities in an interconnected digital world.
How Can Advanced Academic Degrees Enhance Cybersecurity Leadership in Education?
Advanced academic degrees offer a pathway to develop strategic thinking, interdisciplinary expertise, and tactical solutions tailored to the evolving challenges of cyber threats in education. These programs emphasize not only technical proficiency but also leadership, risk management, and innovative research methods—skills that are critical for transforming institutional cybersecurity practices. Furthermore, integrating advanced studies into the cybersecurity framework can bridge gaps between various technological fields, similar to how specialized programs explore what jobs can you get with a masters in biotechnology, thereby fostering a holistic approach to digital risk mitigation and operational excellence.
How Can Institutions Ensure Regulatory Compliance in Cybersecurity?
Educational institutions face mounting regulatory requirements that demand a proactive approach to data protection and privacy. Establishing a compliance framework based on recognized standards—such as FERPA, HIPAA, or NIST guidelines—not only safeguards sensitive information but also builds institutional trust. Regular audits, detailed risk assessments, and dedicated compliance protocols are essential to identifying vulnerabilities and mitigating exposure. Investing in specialized training, including programs like the cheapest online cyber security degree, can elevate internal expertise while ensuring adherence to evolving legal mandates.
Culture-Shift and Practical Solutions
It is well-known wisdom that the first step in addressing a problem is effectively recognizing that the problem exists. So, how can educational institutions address cybercrime? They must first fully acknowledge that the rising threat of cybercrime exists and needs to be taken seriously.
For many smaller school districts or public universities, budget constraints and other roadblocks make implementing change difficult. But even in these cases, a mindset change can have a significant impact. Even small, consistent steps can lead to useful change.
- Regular security updates can significantly reduce vulnerabilities. Hackers will often target outdated systems because they are easier to access. Reducing the likelihood of becoming a target in the first place is invaluable to avoiding a cyber breach.
- Encouraging staff and students to use strong, unique passwords and multi-factor authentication can reduce the likelihood of a system being compromised through
- Having an incident response plan in place is essential in the event that an attack occurs. Teams that do not have to struggle to understand what's happening, and that can take decisive action in response to an attack, are more likely to reduce the impact of a breach should it occur.
Even schools with limited resources can implement many of these steps. More essential, however, is cooperation and coordination. Every person within an institution must take the threat of cybercrime seriously and do their part, from the president to the principal and from the IT department to the track coach.
Curriculums
The time has come for cybersecurity principles to be incorporated into education systems, not only to prevent cybercrime attacks within the institution but also as a life skill. By age 11, most students already use smartphone apps, public WiFi networks, and multiple social media accounts. As early as grade 6, schools should focus on building the fundamentals of digital literacy. This includes privacy, password management, and the dangers of phishing and oversharing online.
With the introduction of AI-driven attacks and deepfake phishing attempts, cybercrime is becoming more sophisticated each year. It’s not just a distant concept anymore. Understanding how to recognize suspicious online activity can give children and young adults a solid foundation for the changing nature of these threats. These fundamentals should be a required part of the K-12 curriculum.
Universities should expand their course options. They could include dedicated programs, certifications, and hands-on training. The demand for cybersecurity professionals is expanding. So, these courses can help students develop careers in a deeply important industry. More importantly, and even if they do not pursue such a career, students can gain an understanding of online safety that can carry them through their lifetime as online individuals.
Essential Cybersecurity Tools
A comprehensive solution against cybercrime starts with acknowledgment and the willingness to address the problem. The next step is access to the necessary information to understand the problem. The step after that is implementation.
Luckily, various useful tools have been developed specifically for online protection and cybercrime prevention. Most cybersecurity tools are widespread, easy to use, and can be downloaded for free or purchased at a minimal cost.
A VPN service, for example, is an easy and low-maintenance way to secure communications for students, faculty members, researchers, or anyone within the walls of an institution. Thanks to the extra layer of encryption on internet traffic, VPNs are especially useful for those using open Wi-Fi networks.
Additional tools and strategies for better protection include utilizing endpoint protection, firewalls, and intrusion detection systems.
- Endpoint protection is comparable to placing a security guard at every entrance to a home—from the front door to the windows (or even on the doggie door!). Every entry point to a school's system (each computer, phone, tablet, or device connected to the network) is protected with special security software. This software protects devices from viruses, hackers, and suspicious activity while also checking them for weaknesses.
- A firewall is similar to having a metal detector or security check at every physical entry point to a building. Digitally, it checks all data entering and exiting a device to ensure nothing nefarious gets through. A firewall detects suspicious activity, such as a virus or hacker, and then blocks it.
- An Intrusion Detection System (IDS) works by monitoring what’s going on inside a network. It's similar to an alarm that might detect unusual motion inside a house. It doesn’t block unusual or potentially nefarious activity but works as an alert system to warn cybersecurity teams of a potential issue.
One single tool is a great start to reinforcing an institution's security outfit. A confluence of multiple tools creates the best defence. Depending on the specifics of each system, cybersecurity teams can decide which tools best suit their needs and financial capabilities.
Government and Private Sector Support
Governments can support educational institutions in various ways. They can provide funding, mandates, and enactment resources. These resources help boost cybercrime prevention initiatives, whether through culture shifts, curriculums, or tool utilization.
The private sector can also step up. The Cybersecurity & Infrastructure Security Agency (CISA) promotes and supports collaboration between the public and private sectors. By attending conferences and workshops within the cybersecurity industry and joining coalitions and information-sharing networks, K-12 schools and universities create the opportunity to partner with businesses and organizations committed to offering tools, research, and funding to create better online infrastructures in the public sector.
Support should not come from just one source. Protecting users from data breaches must come from various angles. Individuals, communities, institutions, governments, and the private sector must all collaborate to address and prevent the many consequences of a cyber attack.
What Can You Do?
Cybersecurity knowledge should not be considered an “extra.” It’s a necessity. Modern members of society do everything online. Children, neighbours, friends, and family rely on the internet for daily tasks. The digital footprint of the next generation is vulnerable to attack—from personal data to intellectual property to important university research. The key? Embracing a culture of life-long learning, proactive measures, and an education-led attitude on how to protect what’s vulnerable in this chronically online world.
