Glen Deskin is head of engineering for Check Point Software, a cybersecurity company with public-sector clients, including some in the education space. Deskin notes that phishing is a longtime threat and will remain one. As such, cybersecurity education around it needs to be ongoing.
Regular reminders, phishing simulations and targeted communication — such as newsletter content — will help users better recognize suspicious activity.
“We never see a decrease,” said Deskin.
Email is ubiquitous, and attackers keep using it because it works. Phishing emails, which continue to become more sophisticated, often contain links designed to trick users into revealing credentials. Once obtained, those credentials can give broader access to systems and be used in ransomware campaigns. The rise of generative AI has further complicated detection, as emails, graphics and computer-generated content become more convincing.
A February incident at an Oregon school district also highlights this threat. The district caught and corrected a phishing campaign that used a web form intended to capture user information, as reported by the Corvallis Gazette-Times. Leaders said that they’d been working for three years to strengthen their cybersecurity posture, and employee training was part of that work.
Ongoing incidents underscore how cyber attacks and data breaches impact not only educational organizations but also ripple out to the surrounding communities.
This week, Uvalde Consolidated Independent School District in Texas reopened its doors after a cyber incident forced school closures. On Sept. 14, South Lyon Community Schools in Michigan disclosed a breach. On Aug. 29, the University of Iowa’s health-care network reported a breach involving personal data. In June, a breach at Columbia University affected about 870,000 individuals, raising concerns about data exposure and identity theft. Not all institutions disclosed how the breaches happened.
Credential theft remains a key goal for attackers, Deskin said. According to Check Point Research, from January through July 2025, the education sector continued to be the most targeted industry worldwide, averaging 4,356 attacks per organization each week, a 41 percent year-over-year increase.
Because credential theft is a common goal, multifactor authentication (MFA) remains a baseline defense. Deskin noted that attackers aren’t after the credit cards of elementary school students, but they are looking for disruption, ransom or higher-level access. MFA can help stop them.
At this year’s Consortium for School Networking conference, North Kitsap Public Schools in Washington shared how it implemented MFA for students. Yet for many districts, budget or staffing may remain barriers. They may benefit from shared services or statewide offerings, but a combination of training, credential protection and collaboration can help reduce the risk and impact of attacks.
“Not everybody is trained in this, so it’s a continuing education effort,” Deskin said. “I think that the repetitive nature is what’s important.”
