Subscribe to receive notifications of new posts:

Cloudflare Helps K-12s Go Back to School


5 min read

While Federal funding programs focus on providing connectivity to students and staff, security is often an afterthought and reallocating funds to protect the network can become a challenge. We are excited to announce our Back to School initiative to further support our mission to provide performance and security with no trade-offs.

From start to finish, education customers will work with our dedicated Public Sector team, well-versed in the specific technical environments and business needs for K-12 districts. Your IT team will have access to 24/7/365 technical support, emergency response and support during under attack situations, and ongoing training to continuously help improve your security posture and business continuity plans.

Attacks Against K-12 Schools On The Rise

Public schools in the United States, especially K-12s, saw a record-breaking increase in cybersecurity attacks. The K-12 Cyber Incident Map cataloged 408 publicly-disclosed school incidents, including a wide range of cyber attacks; from data breaches to ransomware, phishing attacks, and denial-of-service attacks. This is an 18 percent increase over 2019 and continues the upward trend in attacks since the K-12 Cyber Incident Map started tracking incidents in 2016. To support our public education partners, Cloudflare has created a tailored onboarding experience to help education entities receive enterprise-level security services at an affordable price.


The public school system serves over 50 million students and employs nearly 6.7 million people, making it the largest industry by employment in the United States. This government-funded, free education system creates a market size of nearly $806 billion. Schools partner with technology companies for student resources and overall operations, and use SaaS applications and cloud deployments to control costs. Investing in these products and services allowed schools to transition to remote learning during the pandemic and continue educating students.

Despite their reliance on connectivity and technology, school districts rarely invest enough in cybersecurity to combat the high risk of attacks. Cybercriminals see public schools as ‘soft targets’ as they hold a lot of valuable data.

Ransomware attacks make data vulnerable to exposure and block access to a school district’s network. Baltimore County, Maryland schools experienced an attack in November 2020 that shut down schools for two days for 111,000 students, and cost the school system over $8 million to recover.

In September 2020, Toledo Public Schools in Ohio experienced a data breach by the Maze ransomware cartel. Maze posted 9 GB of compressed data that included sensitive student and employee data from at least 2008 to 2017. Less than six months later, in February 2021, parents received identity theft and credit fraud notifications involving their children.

Phishing attacks also continue to be a headache for K-12 school districts. The median amount stolen in attacks are \$2 million and, in 2020, \$9.8 million was stolen from a single school district.

Between the high rate of cybersecurity attacks in 2020 and into the first half of 2021, things are not slowing down, and education entities will continue to be targeted, whether it be directly or indirectly.

The Move to Modern

As it became a focus for K-12 Districts to modernize and move physical infrastructure into a more flexible, scalable solution, many school districts were looking for a way to offload DNS onto a cloud-based offering. Leveraging Cloudflare’s global anycast network, we’re able to provide a single management console to handle application needs: Managed DNS with built-in DNSSEC, DDoS mitigation, and Web Application Firewall. You can learn more on how Mount Pleasant School District in Texas consolidated their web assets in our case study.

Where The Need Has Shifted

The pandemic has exposed network security gaps in education, leaving a few main areas open to vulnerability — namely open/exposed ports that allow malicious actors to stay under the radar and end-of-life software that no longer receives security updates or bug fixes.

As attackers become more sophisticated, it has become imperative that districts implement comprehensive network layer solutions to prevent outages, data breaches, and other cyber-related incidents. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a Joint Cybersecurity Advisory that provides recommendations for K-12 for stopping threats and attacks.

How Cloudflare One Can Help

Cloudflare One is a network-as-a-service solution designed to replace a patchwork of appliances with a single network that provides cloud-based security, performance, and control through one user interface.

While districts may be receiving DDoS protection from their upstream ISP, there are a few common issues we see with this setup:

  • ISPs typically use the same commodity devices that were being deployed up to 20 years ago in data centers.
  • The devices are typically set up in an “on demand” fashion so that if you begin to experience a DDoS attack they will need to first be notified before assisting. In many cases, if that appliance is overloaded or unable to withstand the size or complexity of an attack, healthy traffic may be dropped as well.
  • There is limited visibility into the source of the attack and a lack of control around putting security measures in place for future incidents.

As compared to hardware boxes and on-premise appliances, Cloudflare’s service is “always on”. This means we’re agile and will proactively take action in the event of an attack, the time to mitigate is as small as possible, and you get the added benefit of other services being layered into the defense in depth strategy (DNS, CDN, WAF).

Within Cloudflare One, our Layer 3 DDos Mitigation solution called Magic Transit, has helped districts like Godwin Heights stay online by blocking hundreds of large DDoS attacks (just within the first few weeks!). Using anycast and BGP to announce your IP space, Cloudflare absorbs traffic destined for your network and mitigates DDoS attacks closest to the source, before sending the filtered traffic back to your network over low latency paths for fast performance.

Another focus during the pandemic has been supporting remote students and staff. This continues to challenge IT security as we think about how to not only keep our networks up and running, but how to protect students and staff while on the network from phishing attacks, malware, and ransomware.

Cloudflare for Teams is composed of Access and Gateway. Access pairs with identity management systems to protect all internal applications. Gateway is designed to secure access to the outbound Internet through DNS and URL filtering, SSL inspection, and file upload/download policies, which ultimately protects users from malware, phishing, and other security threats. This added layer of protection provides your users access to the applications they need without sacrificing security or performance.

Please inquire at [email protected] for our special Education K-12 Pricing. We look forward to supporting you.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
Cloudflare OneRansom Attacks

Follow on X


Related posts

May 30, 2024 12:12 PM

Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure

We’re excited to announce that BastionZero, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases...