Attackers School Day: Cyberattacks on the Education Industry

In today’s knowledge economy, the education industry plays a vital role in societal and economic growth. The education industry comprises of all institutions and activities that aims to provide education and can be anywhere from early childhood education to higher education and professional development. With this, the education industry has become a pot of gold for attackers given that the industry is filled with valuable data. 

Educational institutions fail to recognize the importance of cybersecurity. As reported by Moody’s in 2023, higher education institutions only allocate 7% of their budget to cybersecurity. Due to the limited resources, many institutions rely on outdated tools that tend to be more vulnerable to attacks and lack the means to adequately secure their systems. As a result, 39% of the universities took over a month to recover from attacks. 

According to Sophos, education is the fourth most targeted industry, following federal governments, healthcare, and oil/utilities. In 2024, Check Point reported that most attacks were found to be from exploiting system vulnerabilities and the APAC region witnessed 6,002 weekly attacks, the highest in the world.  

Research conducted by Sophos in 2024 found that 63% of lower education and 66% of higher education institutions were hit by ransomware and attackers successfully encrypted data in 85% and 77% of the cases, respectively. They threatened institutions for ransom in return for the decryption key. Alarmingly, 62% of lower education and 67% of higher education institutions paid the ransom.  

Let’s look at some recent notable attacks: 

The British Library: In October 2023, the Russian Rhysida group hacked the British Library, stealing approximately 600GB of data. After the library refused to pay a 20-bitcoin (~RM 7 million) ransom, the data was leaked. Recovery cost the institution around £6–7 million (~RM34 – RM40 million) and disrupted all research access. 

Highline Public School District: In September 2024, the Highline Public School District in Washington State was closed for two days after a ransomware affected nearly 93,000 students’ data. Consequently, the district spent $240,000 (~RM 1 million) to recover the stolen data. 

Mobile Guardian: In August 2024, a global cyber-attack targeting the device management mobile app Mobile Guardian remotely wiped all host devices, affecting 13,000 students across 26 schools in Singapore. Students who did not have backups could not recover their data.  

Malaysia Ministry of Education Data Breach: In 2018, the Schools Examination Analysis System (SAPS) was temporarily shut down for a day after an alleged SQL injection compromised about 4.9 million students and parents’ MyKad details.  

Apart from the usual data breach consequences such as financial loss, reputational damages and legal trouble, educational institutions will also face massive repercussions with: 

Impact on Research and Grants – Losing years of research data can significantly hinder researchers’ progress. Disrupted timelines and diminished trust can jeopardize future investments or funding renewals.  

Heighten Political Tensions – Cyberattacks on educational institutions, especially from state-sponsored threat actors, can trigger debates on national security, academic freedom, the protection of sensitive research, and even international espionage. 

Operational Disruptions – The downtime and system failures lead to delay in administrative tasks such as enrolment, assignment submissions, application processes, and transcript distribution. Thus, the disruptions will overwhelm staff members, causing further delays, like graduations and errors. 

To minimise the risks, the education industry must adopt proactive cybersecurity stance:  

• Allocate a dedicated portion of the IT budget to cybersecurity: Treating cybersecurity as its own sector ensures focused investment in protecting organizational systems and data. 

• Accept that no system is 100% safe and focus on minimalizing loss: No system is 100% attack-proof, so it’s better to prepare for the worse. 

• Implement a disaster recovery plan: Regularly backup data and ensure a secured channel for post-attack communication. 

• Conduct cybersecurity awareness training for staff and students: Promote a culture where everyone understands their role in protecting the organisation’s data and systems. 

As the education industry continues to digitalise, it becomes an increasingly attractive target for cyber attackers; cybersecurity can no longer be an afterthought. As such, governments are stepping in to address the cybersecurity gap in the education industry. The stakes are high, but with the right strategies, the education industry can safeguard its mission in this digital age. 

Not sure where to begin? Reach out to us today and let’s discuss how we can secure your digital future.