The State of K-12 Cybersecurity: 2018 Year in Review


As Public Schools Embrace Technology, Cybersecurity Incidents Grow Both More Common and More Significant

Published on February 08, 2019

According to a first-of-its-kind report released today by the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2018 Year in Review, public K-12 education agencies across the country experienced a total of 122 cybersecurity incidents during calendar year 2018. Many of these incidents were significant, resulting in the theft of millions of taxpayer dollars, stolen identities, tax fraud and altered school records. “Public schools are increasingly relying on technology for teaching, learning and school operations,” said Douglas A. Levin, president of EdTech Strategies and report author. “It should hardly be surprising, therefore, that they are experiencing the same types of data breaches and cybersecurity incidents that have plagued even the most advanced and well-resourced corporations and government agencies.”

The interactive report includes a timeline of local TV news reports of the “Top 10” cybersecurity incidents of 2018, which helps to portray both the variety and real-world impact of cyber incidents affecting public school students and educators.

Data for the 2018 report is drawn from publicly disclosed incidents – including data breaches, phishing attacks, ransomware and other malware incidents, and denial of service attacks – cataloged on the K-12 Cyber Incident Map. The map and underlying database capture detailed information about two inter-related issues:

  • publicly disclosed cybersecurity incidents affecting public K-12 schools, districts, charter schools and other public education agencies (such as regional and state agencies), especially those that occur on K-12 managed networks and devices, and
  • the characteristics of public school districts (including charter schools) that have experienced one or more publicly disclosed cybersecurity incidents.

Since 2016, the K-12 Cyber Incident Map has documented over 415 publicly disclosed incidents, which equates to a rate of about one new publicly reported incident every three days.

Ultimately, the goal of policymakers, technologists and school leaders must be to reduce and better manage the cybersecurity risks facing increasingly technologically dependent schools. “But make no mistake: keeping K-12 schools ‘cyber secure’ is a wicked problem – one that is assured to get worse until we take meaningful steps to address it,” said Mr. Levin. “This report and the ongoing work of the K-12 Cybersecurity Resource Center are only small, but necessary steps in a much longer journey.”

Staff Writer