Cybersecurity in the education sector has never been more critical. Schools, colleges and universities are increasingly targeted by cybercriminals, with ransomware attacks, data breaches and phishing scams posing serious threats to student and staff information. The challenge lies in balancing the need for open collaboration with robust security measures, especially in a digital-first learning environment. From Zero Trust frameworks to encryption and AI-driven monitoring, institutions must adopt modern strategies to stay ahead of evolving cyber-risks. In this feature, AJ Thompson, CCO at Northdoor; Stefano Lodola, Founder and Course Author at Think in Italian; and Vichai Levy, VP R&D, Overseeing Architecture at Protegrity, explore the pressing cybersecurity challenges facing education and the solutions that can help mitigate them.
AJ Thompson, CCO at Northdoor

Balancing open access with cybersecurity is a pressing challenge in today’s hyperconnected environment. For institutions like schools, colleges and universities, which prioritise collaboration and learning, the risks posed by cyberthreats have grown exponentially. Traditional approaches to cybersecurity that rely on securing the network perimeter are no longer sufficient in a world of flexible working, cloud-based systems and personal devices.
A Zero Trust security model offers a practical framework for addressing these challenges. The core principle of Zero Trust is simple: Trust Nothing, Trust Nobody. This means treating every device, user and system as a potential threat until it has been verified. For educational institutions, this approach ensures that students, faculty and staff only gain access to resources they are explicitly authorised to use, reducing opportunities for both insider and external threats.
Key to this strategy is layered security applied across all aspects of the network, including users, devices, applications and databases. For example, students accessing online learning platforms can be given permissions limited to those systems, while staff working remotely use multi-factor authentication to verify their identities. Such measures ensure that access is granted only when necessary and appropriate.
AI plays a critical role in enhancing this framework. AI-driven tools can monitor networks in real time, flagging suspicious activity such as unusual login patterns or unauthorised data transfers. These systems can triage alerts, helping cybersecurity teams focus on the most urgent threats and respond quickly to mitigate potential breaches.
The shift to hybrid learning and increased connectivity also creates new vulnerabilities, such as phishing campaigns and ransomware targeting students and staff. By adopting a Zero Trust model, educational institutions can proactively address these risks while maintaining the openness needed for collaboration and learning.
Ultimately, the goal is to strike a balance between security and accessibility. A comprehensive Zero Trust approach doesn’t restrict legitimate users but ensures that sensitive data, systems and resources are protected against a constantly evolving threat landscape. Educational institutions must recognise that relying on outdated strategies is no longer viable and that adopting modern, adaptive solutions is essential to staying secure in an increasingly complex digital environment.
Stefano Lodola, Founder and Course Author at Think in Italian
Before becoming an educator and course author, I had experience working as a CISO in the education sector. I would say that balancing open access to information with cybersecurity risks requires a different approach, and a multi-faceted one at that. I would like to acknowledge that universities thrive on the sharing of open information and collaboration, which creates a unique point of vulnerability. That is why, for me, a uniform security strategy will not be effective and there is arguably a need to create a strategy that considers the unique needs of the institution.
To mitigate these risks, it is so important to conduct thorough risk assessments to pinpoint vulnerabilities specific to the institution. This includes evaluating the security of research data, intellectual property and student information. I would also prioritise compliance with regulations such as FERPA, HIPAA, GLBA and GDPR. Continuous monitoring of systems and networks would also be a priority, using robust tools to detect and respond to threats. It’s also important to foster a security-conscious culture within the institution.
I would also need to create an incident response plan to minimise any damage and ensure a swift recovery in the event of a breach. Finally, I would make sure to stay up to date on emerging threats and technologies to keep the institution ahead of potential cybersecurity issues.
Vichai Levy, VP R&D, Overseeing Architecture, Protegrity

The frequency of data breaches in the education sector surged in 2023, compromising the private information of students, parents and educators. This highlights a significant vulnerability: while schools increasingly rely on digital tools and platforms to enhance learning, many lack robust cybersecurity measures to safeguard sensitive data.
According to a report from Sophos, 80% of K–12 schools and 79% of higher education institutions in the U.S. were hit by ransomware attacks in 2022, a sharp increase from previous years. These incidents highlight the growing threat to educational institutions, where cyberattacks often exploit system vulnerabilities, putting student and staff data at serious risk.
Weak cybersecurity measures have made educational institutions attractive targets for cybercriminals. Data from the 2024 Sophos State of Education report revealed that 85% of ransomware attacks on K–12 schools and 77% on higher education institutions involved data encryption. The financial toll has been significant, with the cost of recovering from attacks doubling for K–12 schools and quadrupling for universities.
A key issue is that educational institutions often disclose data breaches slowly. For instance, only 29% of K–12 schools publicly disclose cyberattacks, though the actual number of incidents is likely higher. This lack of transparency increases risks significantly, as individuals may remain unaware their personal information has been compromised for an extended period, making it harder to prevent further misuse of stolen data.
To better defend against cyberthreats, CISOs in the education sector must prioritise investing in comprehensive data protection solutions. Encryption and tokenisation are two powerful techniques that can help shield student and teacher data by making it useless without proper decryption keys. Even if attackers breach a system, encrypted data remains inaccessible.
Schools must also adopt transparent cybersecurity policies. It is crucial to work with external vendors to ensure all digital tools and platforms meet strict security standards. Additionally, promoting cybersecurity awareness among parents, educators and students can reduce the risk of human error, such as falling for phishing scams.
While the education sector is often overlooked in discussions about data security, it is undeniably a high-value target in today’s threat landscape. Protecting all data is important, but safeguarding the personal information of young students is especially critical. By investing in the right data protection technologies and fostering a culture of cybersecurity, schools can improve their defences and protect the futures of both students and educators.