Cybersecurity: Why educators are targeted by cyberattacks and how they can be prevented

Cybersecurity
Written By Rachel Lawler

Cybersecurity is increasingly in the spotlight in recent months, thanks to high profile hacks and attacks on retailers, banks and websites hitting the headlines almost every week. While not often considered a priority target for hackers, education institutions frequently use legacy systems, while also handling sensitive information, which can leave them vulnerable to cyber attacks. 

In February, the issue was brought into sharp focus when U.S. software cloud software provider PowerSchool disclosed that personal information from its student information database had been stolen in a cybersecurity incident in December 2024.

In May, PowerSchool shared that it was “aware that a threat actor has reached out to multiple school district customers in an attempt to extort them” using data stolen in the December 2024 incident. 

While it reassured its customers that this was not a new incident, PowerSchool also shared that it had previously decided to pay the hackers a ransom in order to prevent the data being made public. “We recognize how this incident has affected our customers and are here to help as we navigate the path ahead together,” it added. 

Dr Darren Williams, Founder and CEO at leading ransomware prevention provider Blackfog, says the PowerSchool incident shows how ransomware is evolving beyond encryption. “Today, it’s about data theft - and over 95% of publicly disclosed ransomware attacks now involve data exfiltration - making encryption-only attacks virtually obsolete.

“In this case, even after a ransom was paid, attackers reportedly continued targeting individual school districts for additional payouts. That’s the harsh reality of double extortion: once data is stolen, threat actors hold the upper hand indefinitely.

“This trend also makes attacks harder to detect and defend against. It’s not just about locking down systems anymore – it’s about identifying and stopping data from being exfiltrated in real time.” 

Cyberattacks have also impacted educators across the world. In the UK, Blacon High School in Cheshire closed for several days in January 2025 after a ransomware incident that left the school unable to access the internet, affecting all communications and causing significant disruption.

In Greece, the country’s public administration network, SYZEFXIS, delayed national high school exams in May following a large-scale cyberattack. A denial-of-service attack temporarily disabled access to key government platforms, including the Education Ministry’s “Exam Question Bank.”

Why are educators vulnerable to cyberattacks?

Williams tells ETIH that the education sector is particularly vulnerable to attacks. “Firstly, it has a treasure trove of data that cybercriminals can leverage, such as information on students, parents, and teachers themselves. Secondly, the education sector has a lot of legacy infrastructure and has underinvested in cybersecurity protection. These two factors make education a much easier target,” he explains.

The UK government’s Cyber security breaches survey 2025 found that 60 percent of secondary schools, 85 percent of further education colleges, and 91 percent of higher education institutions had experienced a cybersecurity breach in the last 18 months in 2024.

The most common causes for cyberattacks were:

  • phishing attacks

  • impersonation

  • viruses, spyware, or malware

Cindi Carter, Global Chief Information Security Officer at Check Point Software, a provider of security products, tells ETIH part of the issue is the very nature of education institutions. “Educational environments are designed for openness, collaboration, and access – not restriction,” she explains. “This culture of accessibility, while vital to learning, makes it harder to enforce traditional security boundaries. Add to that a diverse user base – from young students to faculty to third-party vendors – and you have a complex attack surface that’s ripe for exploitation.”

Similar to other industries, third-party software and digital tools can make it more difficult for educational institutions to control their security. Williams explains: “The supply chain is very difficult to control. As we have seen with the Marks & Spencer, Co-op, and UNFI attacks, a single vendor can bring major organizations to their knees.”

Carter adds: “Developed for agility and user experience, many edtech solutions are not secure by design. Rapid adoption during the pandemic only amplified the risk, as schools rushed to deploy tools without fully vetting their security postures or understanding data-sharing implications.”

What can the education sector do to enhance cybersecurity?

Suppliers that are responsible for attacks must be held accountable, Williams says. He adds: “It is important that these EdTech providers are held accountable from a security perspective and have, at minimum, a SOC 2 certification.” 

However, Carter says EdTech providers can also help to strengthen cybersecurity. “Platforms that embed strong identity management, encryption, secure APIs, and real-time threat detection can become part of a school’s defense strategy rather than a liability. The future lies in secure-by-default edtech that integrates seamlessly with a school’s broader risk posture.”

Education institutions also need to be ready to adapt to the constantly changing nature of threats and attacks. “Traditionally, the focus has always been on border protection products such as firewalls and endpoint detection and response, which provide the first line of defense,” Williams explains. “More recently, efforts are more focused on anti data exfiltration to ultimately stop the goal of the attack: data loss. Without the data, the attackers have nothing to leverage, which ultimately mitigates the breach and therefore the ransom, remediation, reporting, and class action lawsuits that often follow these attacks.”

Transforming education with robust security

A robust cybersecurity plan can be transformative. In 2023, Birmingham City University partnered with Wavenet to implement its cybersecurity strategy. The project was initially intended to support the university only during its busy summer clearing period, but has since moved to a year-round policy as the number of cyber threats increases.

The partnership provides end-to-end data protection that guarantees continued access so that systems can be restored in the event of an attack. Staff are also given a dedicated space to resume their operations immediately in the event of any disruption and resilient power infrastructure aims to provide critical services even during infrastructure attacks. 

Matt Peers, Senior Project Manager for BCU explains: “The shift to a permanent business continuity and cybersecurity strategy has been transformative. With Wavenet’s expertise, we’ve moved from firefighting to futureproofing, ensuring we can protect our students, staff and operations every day of the year.” 

“Our partnership with BCU showcases exactly what’s possible when universities treat resilience as a strategic imperative, rather than a seasonal inconvenience,” adds Nick Shea, Director of Education at Wavenet. “As high-profile stories of cyber threats continue to make headlines, let’s ensure that robust business continuity and disaster recovery move from being afterthoughts, to central pillars of every university’s strategic planning.” 

Check Point’s Carter adds that all EdTech providers need to design for trust. “This means building security and privacy controls from day one, not bolting them on later. Be transparent with school customers about how data is stored, processed, and protected. Provide secure configuration defaults and invest in regular external audits to ensure your product meets or exceeds security standards,” she explains. 

“In today’s competitive landscape, trust is a competitive advantage,” Carter adds. “Edtech providers who lead with security will not only win contracts – they’ll protect futures.”

Featured
Starring MIT, Attensi, AI and more: ETIH rolls out the biggest education technology news stories of the week
Starring MIT, Attensi, AI and more: ETIH rolls out the biggest education technology news stories of the week
Coventry University celebrates as first students from its joint institution on Hainan Island, China graduate
Coventry University celebrates as first students from its joint institution on Hainan Island, China graduate
mthree report: UK tech employers rethinking long held assumptions about what makes graduates hireable
mthree report: UK tech employers rethinking long held assumptions about what makes graduates hireable
12 teachers recognised in campaign celebrating exceptional educators and inspiring space-related careers
12 teachers recognised in campaign celebrating exceptional educators and inspiring space-related careers
New report names Switzerland as a deep tech powerhouse as start-ups generate more than $100 billion in value
New report names Switzerland as a deep tech powerhouse as start-ups generate more than $100 billion in value
Becker Academy launches new Learning Management System and courses with the University of Missouri
Becker Academy launches new Learning Management System and courses with the University of Missouri
AI-powered early childhood resources selected as winners in Isle of Man Innovation Challenge 2025
AI-powered early childhood resources selected as winners in Isle of Man Innovation Challenge 2025
USEFULL launches buyback program at universities and colleges, replacing ineffective plastic reuse systems
USEFULL launches buyback program at universities and colleges, replacing ineffective plastic reuse systems
New Teacher Tapp data finds significant decrease in access to devices in England’s schools
New Teacher Tapp data finds significant decrease in access to devices in England’s schools
STEM scheme Young Coders says almost half of participants are girls as competition announces 2025 winners
STEM scheme Young Coders says almost half of participants are girls as competition announces 2025 winners
At least 1.65 million primary and secondary school students in England may not be ready for next stage of learning
At least 1.65 million primary and secondary school students in England may not be ready for next stage of learning
AI revolution has exacerbated the data skills gap, costing billions, Multiverse research finds
AI revolution has exacerbated the data skills gap, costing billions, Multiverse research finds
Aria’s AI education platform BrainFreeze to enable schools and districts to build AI assistants with new update
Aria’s AI education platform BrainFreeze to enable schools and districts to build AI assistants with new update
Kahoot! shifts gears with Tour de France partnership to launch interactive learning content
Kahoot! shifts gears with Tour de France partnership to launch interactive learning content
Amplify launches AI–powered custom speech recognition promising to support next-generation voice-enabled learning
Amplify launches AI–powered custom speech recognition promising to support next-generation voice-enabled learning
Pearson and Google Cloud join forces to build AI-powered tools for K-12 learners and educators
Pearson and Google Cloud join forces to build AI-powered tools for K-12 learners and educators
Verax AI launches Verax Protect aiming to safeguard companies against rising security risks of AI 
Verax AI launches Verax Protect aiming to safeguard companies against rising security risks of AI 
The Social Institute shares new screen-free offline lessons for K-2 focused on foundational skills 
The Social Institute shares new screen-free offline lessons for K-2 focused on foundational skills 
Casio America updates its EdTech team with two new leaders and a streamlined calculator portfolio
Casio America updates its EdTech team with two new leaders and a streamlined calculator portfolio
Norwegian Minister of State visits office of gamified training and behavior change provider Attensi in London
Norwegian Minister of State visits office of gamified training and behavior change provider Attensi in London
Rachel Lawler
Next

Bringing coding to life in elementary classrooms through game-based learning