Aug 06 2025
Security

DDoS Attacks Double as the School Year Starts

Cybercriminals target organizations at their busiest times, but training can prepare K–12 staff to identify and thwart attacks.

Cybercriminals are strategic. They plan to hit institutions with cyberattacks at their busiest and most vulnerable times, like the start of the school year. Phishing, ransomware and distributed denial-of-service attacks can quickly complicate an already chaotic time of year.

Data from NetScout's Cyber Threat Horizon examines trends in cybercriminals’ activity, showing when and how they’re targeting schools. Anticipating periods of vulnerability can help K–12 IT leaders prepare for these attacks with training and technologies.

Click the banner below to learn how to become more cyber resilient this school year.

 

Cyberattacks Spike at the Start of the School Year

DDoS attacks on educational services nearly doubled in August and September 2024 compared with June and July, according to the NetScout data. This aligns exactly with the beginning of the academic year for most schools in the U.S.

Thirty-five percent of K–12 students start public school between Aug. 16 and Aug. 31, according to an MDR Education report. Only 16% start school after the last day of August, while 47% start before August 16, the report says.

On this timeline, August and September are precisely when teachers and other staff are readjusting to the rhythm of the school year, managing the responsibilities of their workdays and acclimating classrooms full of new students. This makes it easier for cybercriminals to deceive educational staff, who are juggling these other responsibilities.

STAY PROTECTED: Endpoint security solutions help keep schools safe from phishing threats.

Training K–12 Staff Early Is the First Line of Defense

In addition to dealing with competing priorities and limited bandwidth, school staff are also more vulnerable to cyberattacks because they’re eager to be helpful. This, combined with limited cybersecurity training and resources, makes schools more susceptible to attack. Educational support services were the third-most-attacked industry in the second half of 2024, according to NetScout's Threat Intelligence Report from 2H.

Training can enhance education’s first line of defense: its people. As the World Economic Forum points out, humans are often the reason for the success of cyberattacks against their organizations, due not “to people’s negligence but to the increasing sophistication of how cybercriminals operate.”

Employees need training to help them understand and identify these more sophisticated attacks, but the CDW Cybersecurity Research Report found that 36% of education respondents say that gaps in their security are the result of insufficient or ineffective employee cybersecurity training. Thirty-one percent say that an incomplete understanding of how AI affects security creates a gap in their approaches. Education institutions should turn to security experts for help preparing their staff for back-to-school cyberattacks.

NEXT STEPS: Optimize cyberdefense in your K–12 schools with managed security services.

StockPlanets/Getty Images
Close

New AI Research From CDW

See how IT leaders are tackling AI opportunities and challenges.