Education Sector a Prime Target for Cyber Criminals, Expert Warns

In 2022, the Waterloo Region District School Board (WRDSB) fell victim to a cyberattack that compromised the personal information of both current and former employees, as well as student data. The board ultimately paid an undisclosed ransom to have the stolen data deleted.

WRDSB was neither the first nor the last school board to be targeted by cybercriminals. Experts indicate that school boards are becoming increasingly popular targets due to vulnerabilities in their cybersecurity infrastructure.

Dr. Ali Dehghantanha, a University of Guelph professor and Canada Research Chair in Cybersecurity and Threat Intelligence, highlighted these concerns on The Mike Farwell Show. He pointed out that the education and agri-food sectors are among the most vulnerable, as they have struggled to implement effective cybersecurity policies and technologies.

“The first step is to conduct a vulnerability or security risk assessment,” Dehghantanha advised. “The second is ensuring boards receive reports at least twice a year on the current state of cybersecurity at other schools.”

A major issue, he explained, is the lack of standardized security guidelines for school boards.

“There are no security standards to help school boards choose vendors or assess which ones offer better protection from a security standpoint,” he said.

Dehghantanha recommends that school boards collaborate and share best practices to strengthen their defenses. He emphasized the stark reality of cybersecurity risks in education:

“When I speak with school boards, I tell them—either you invest in improving your cybersecurity or you pay the ransomware. That’s your choice.”