Cyberattacks continue to plague the education sector, and they’re only intensifying.

Since 2016, there have been 855 cyber incidents publicly disclosed by U.S. schools and districts, according to data from the K–12 Cybersecurity Resource Center. There were 348 in 2019 alone, nearly three times the number in 2018.

With the increased use of technology for teaching, learning and continuing school operations in today’s remote environment, schools have also become more vulnerable to cyberattacks.

Microsoft Security Intelligence found that 61 percent of nearly 7.7 million enterprise malware encounters reported in the past month came from those in the education sector, making it the most affected industry.

Doug Levin, founder and president of EdTech Strategies, which runs the K–12 Cybersecurity Resource Center, shares with Education Week that the coronavirus pandemic presented cybercriminals with new opportunities as schools shifted to remote learning.

“With more teachers and students online, particularly if they’re doing it from less controlled environments outside of the school, the attack surface of the school community is increased,” he says.

Thankfully, cybersecurity remains a top concern among IT leaders. It was the No. 1 priority they indicated in a 2020 educational technology leadership survey conducted by the Consortium for School Networking (CoSN).

Yet planning for a strong cybersecurity program will be tricky with uncertainties around what the next school year will look like. “The shift to remote learning opens the door for different points of attack that most school districts weren’t set up to support,” says Amy McLaughlin, cybersecurity project director for CoSN. “They’re vulnerable in different ways.”

To inform that preparation, here’s what school districts should know about the state of cybersecurity today and where it’s heading.

MORE ON EDTECH: Discover best practices for securing a work-from-home environment.

Why Cyberthreats to Schools Have Escalated

Besides IT staff, administrators, educators and other school employees need to understand how serious cybersecurity risks are. Those risks aren’t going away anytime soon, because cyberattackers view schools and districts as easy targets, McLaughlin says. “People generally know they’re not as well-funded for security,” she says.

For a long time, school districts also believed that they didn’t have anything bad actors would find worthy of taking — which is incorrect. “They don’t necessarily translate the concept of data into value,” McLaughlin says.

Many school districts also lack the resources needed to build a strong cybersecurity program, says Linnette Attai, founder and president of PlayWell, a compliance consulting firm, and project director for CoSN’s privacy initiative and trusted learning environment program.

“In many school systems, you don’t even have a full-time employee who is dedicated to cybersecurity,” Attai says. “Oftentimes, you have someone who is also responsible for the technology or responsible for privacy.”

That resource challenge also comes with a knowledge and experience gap. Some districts don’t have employees who have the expertise to effectively manage cybersecurity and develop engaging and ongoing training for the rest of the school or district.

“Building a cybersecurity program is a significant undertaking, and that’s not easy. It needs to be built from the ground up,” Attai says.