Why are K-12 Institutions a Target?

K-12 schools were targeted by 166 separate cyber attacks across 38 states during 2021. While attacks were down from 2020, a record-high year for K-12 cyber attacks due to virtual learning, this is still an extraordinarily high number. The most frequent incident type was ransomware, making up about 37% of all attacks.  

But why are schools being disproportionally targeted? K12 Security Information Exchange (K12 SIX) reports that students’ personal information could be the objective. It’s been reported that students as young as first grade have had their identities stolen and didn’t know until years later when they applied for a line of credit or attempted to rent an apartment. K-12 school s are at-risk but often do not have the resources to appropriately combat that risk.

Why is That?

K12 schools are notoriously underfunded, which generally translates to a lack of resources. Lack of funding is the number one security concern for K-12. Year after year school budgets are being cut and IT services are cut pretty quickly. It’s also worth noting that the IT department of most K-12 schools is understaffed. So, with a lack of funding and staff, it’s hard to implement, let alone maintain a strong cyber security posture. 

2020 posed new issues. A lot of schools rapidly transitioned to virtual learning in the early months of the pandemic. Teachers and students alike were now utilizing new software for classes, graduations, meetings, and other imperative events. School’s resources were stretched and plenty of mistakes were made, leading to vulnerabilities in the system. For example, “Zoombombing,” where bad actors interrupted private videoconferencing calls, started to surface while other cyber attack methods, i.e. ransomware, continued to strike.  

What Can You Do To Protect Your Institution?

There are a few general things schools and businesses alike can do to improve their security posture, but, as K-12 institutions oversee high-value data, they need to go beyond the basics when it comes to security. 

Get An Assessment

It’s difficult to safeguard information without knowing where you are vulnerable. A security assessment or a penetration test can give your organization the insights required to prepare a game plan and strategically improve your overall security posture. 


CISOs (Chief Information Security Officers) are highly sought and for good reasons. CISOs have specialized experience used to lead organizations, develop and manage their cyber security programs, and execute security program objectives. VCISOs, or virtual CISOs, are a practical option for an organization that may have trouble hiring a CISO on their own.  

Strategic Partnership

Outsourcing is an underrated resource for the understaffed and underfunded. Utilizing a third-party partner can be helpful as they bring in extensive industry experience and ingenuity to provide solutions to fit your needs. Some see outsourcing as a waste of already limited resources, but outsourcing is an effective way of getting valuable resources at your disposal. 

GMI Educational Institution Cyber Security

GMI is prepared to meet the unique needs of your institution. We are deeply experienced in the nuances related to cyber security and we understand that proper security posture is no longer just a recommendation, but a necessity to protect your system. GMI offers 24/7 Security Monitoring for effective incident response as well as assessments such as Vulnerability Assessments and Social Engineering Assessments intended to give your organization all of the knowledge needed to make confident decisions related to cyber security.  

Consult our team of experts for help with your educational institution’s security needs! 



Aaron Sierra, Director of Solution Architecture at GMI, is a passionate cyber security leader and consultant with nearly two decades of developing, leading, and advising diverse security programs. Leveraging this deep experience, Aaron advises security programs of all sizes and maturity levels with highly-differentiated security solutions that address the most daunting security challenges of each unique organization. He is also an avid surfer who strives to make regular appearances on the waves near his home in southern California.