K12 schools should brace for continued cybersecurity threats as more highly sophisticated methods of attack emerge, one expert predicts.
In this Q&A, District Administration sits down with James Turgal, vice president of global cyber risk and board relations at Optiv, to learn what cybersecurity-related trends will shape the 2025-26 school year, and how you can prepare for the worst.
Do you foresee shifts in the types of attacks that schools should prepare for?
Schools should brace for both the persistence of current threats and the emergence of more sophisticated attack models. There are two critical realities every school must prepare for.
First, the threats of today aren’t going away tomorrow. Ransomware, phishing and DDoS attacks remain highly effective, and attackers will continue to refine these tactics, making them faster, stealthier and harder to detect. In many cases, the same vulnerabilities that are being exploited now will be targeted again unless they are remediated.
Second, cybercrime is becoming more organized, scalable and accessible. The rise of service-based attack models, including ransomware-as-a-service and phishing-as-a-service, lowers the barrier for entry, enabling even low-skilled actors to launch sophisticated attacks with minimal effort. These models also increase the volume and frequency of attacks, meaning schools will have less time to respond between incidents.
For schools, this means preparation must be two-fold:
- Strengthen defenses against the “known” attack types by closing existing security gaps.
- Build resilience against emerging, service-based threats with layered defenses, faster detection and a well-rehearsed incident response plan.
How prepared are most school districts for a significant cyberattack?
Unfortunately, most school districts are still not fully prepared to manage a significant cyber incident. Many lack the foundational capabilities needed to respond quickly and effectively when an attack occurs. This shortfall often stems from persistent budget limitations, staffing shortages and competing operational priorities.
As the new school year approaches, IT and security teams face a daunting challenge: protecting increasingly complex school networks against a rapidly evolving threat landscape, often with constrained budgets and minimal personnel.
The good news is that even with limited resources, districts can learn from recent industry incidents and take meaningful steps toward readiness. By focusing on the highest-impact security fundamentals, schools can significantly reduce their risk and improve their ability to bounce back after an attack.
Finally, what advice would you give to a superintendent or IT director who feels overwhelmed by the complexity of cybersecurity?
Focus on the fundamentals first. Cybersecurity can feel complex, but building a strong foundation doesn’t have to be. Start with proven, high-impact measures that strengthen both protection and resilience, including:
- Require strong passwords as a baseline, ensuring they meet complexity and rotation standards.
- Fortify credentials with multi-factor authentication (MFA) wherever possible, as it’s one of the simplest and most effective ways to prevent breaches.
- Implement reliable data backup solutions, which are vital for compliance and daily operations and invaluable in recovering quickly from ransomware or other disruptive incidents.
- Adopt a multi-layered defense strategy, combining firewalls, antivirus, anti-malware tools and encryption to protect against different types of threats.
- Invest in cybersecurity awareness and training for both staff and students because human error is often the weakest link and the easiest to strengthen.
- Develop and regularly test an incident response plan so everyone knows exactly how to act when an incident occurs. Speed and clarity can drastically reduce damage.
Finally, you don’t have to fight this invisible battle alone. Identify a few trusted external partners—like your state education technology consortium, local FBI InfraGard chapter, Information Sharing Alliance Council or regional cybersecurity center—who can support incident response and provide early-warning alerts for your region.
If possible, organize or join peer groups with nearby districts to share best practices and resources. By starting with these essentials, schools can build confidence, reduce complexity and create a solid security posture that grows over time.



