Public School Districts ‘Outmatched’ By Cybercriminals: Lumifi Cyber Exec
Lumifi Cyber Field CISO speaks about the biggest cyberthreats public school districts face and how the company’s platform is designed to shore up their defenses.
Threat actors often set their sights on the education sector, and school districts have fallen victim to ransomware, data theft and even insider hacking.
Between Nov. 1, 2023, and Oct. 31, 2024, there were 1,075 cyber incidents in the education sector, 851 of them with confirmed data disclosure, according to Verizon’s 2025 Data Breach Investigations Report.
While Verizon’s report reveals some decline year over year in cyberattacks in the education sector, AI is fueling a rise in emerging threats that can propagate in the wild at unprecedented rates.
Michael Hamilton is a Field CISO at Lumifi Cyber, which provides security services for the education sector and other organizations. As someone with an extensive background in education security, Hamilton spoke with MES Computing about the biggest cybersecurity threats and challenges school districts are facing.
To ramp up their defenses, school districts must be vigilant about monitoring, Hamilton said.
“School districts are starting to wake up to the fact that they need to monitor their networks. It’s not all about prevention. It’s about limiting the impact of the thing that will definitely come,” Hamilton said.
“It’s not OK for the FBI to call and say, ‘Hey, all your student records are for sale online.’ So it’s monitoring, detection and response that make the difference,” he added.
School districts contend not only with external threats, but internal ones. Last year, the Atlanta-based Fulton County school district reported that “one or more students” had accessed a school’s IT systems, WSB-TV reported.
“It’s apparently really attractive for young folks to go into this kind of crime,” Hamilton, the former CISO of the city of Seattle, said. “That’s the other thing schools have to contend with—the insider threat.”
Why Education Is So Attractive To Cybercriminals
The very network infrastructure of many school districts may make them more of a target for cyberattacks.
“We [at Lumifi Cyber] monitor a number of school districts ... unfortunately, for the most part, [they] have very flat networks ... so the traffic is able to access the administrative side of the school district or the school. We see the doorknob-twisting that goes on,” Hamilton said.
The other reasons cybercriminals find schools so irresistible?
“No. 1, to extort them,” he said. “We say ‘ransomware.’ Ransomware is just one of these dumb cyber words, but it’s really extortion so they can snarl their network and try to get them to pay up. But for a small school district, that’s just impossible. They just don’t have that kind of money.”
Monetizing stolen data, including personally identifiable information (PII), is another incentive.
“Really what the target is are the records. ‘Hey, pay us, and we won’t make these public.’ If they’re made public, a class-action suit can happen. Because you disclose privacy information in the California Consumer Privacy Act and other privacy statutes in other states, there’s a private right of action there so if your record is disclosed, you can join a class as a plaintiff and sue. So [cybercriminals] have a lot of leverage,” Hamilton said.
“They get these records, but more than for the purpose of extortion, they can monetize the records because students have pristine credit histories, and that information can be abused for a very long time before somebody finds out,” he added.
Social engineering, credential abuse/weak password controls and vulnerability exploits are the most common ways threat actors breach schools.
Hamilton explained how Lumifi Cyber helps school districts combat those threats.
Lumifi Cyber’s platform is “MDR, so managed detection and response,” he said. “Whatever products they have that aggregate events and can report on things ... your endpoint like Defender, CrowdStrike, stuff like that. We take those alerts, we monitor,” he said.
“There’s got to be some kind of network detection. So we say, ‘Hey, this asset just looked up the IP address of something we know to be really bad.’ And if they’re looking up that IP address, something could be going on. That’s the network level. Their cloud stuff ... Microsoft 365, Azure, we pull in the data that they can give us. We make sense out of all that and run a SOC operation so that school districts don’t have to hire 12 people to be on staff 24x7,” he said.
For school districts and many other similar organizations, warding off threats is a continuous battle. There’s the underfunding, and there seem to be an infinite number of threats and bad actors.
“[Public schools are] outmatched and, unfortunately, there’s a lot of domestic actors now because of the Russian affiliate model, ransomware-as-a-service ... these Scattered Spider characters,” Hamilton said.
Cybersecurity As Personal Cause
Hamilton is entrenched in the cybersecurity world professionally, and he has also taken it on as a personal cause with his nonprofit, Pisces (which is not affiliated with Lumifi Cyber). The nonprofit works with young people who are interested in cybersecurity and provides no-cost cybersecurity for public organizations.
“Through this Pisces nonprofit, we’re really trying to get younger people to be on the good side of [cybersecurity]. We’re training analysts. Analyst is the fifth-fastest growing job in the country,” he said.
“We’re trying to move the needle in the right direction here. Part of what we do is we monitor school districts and part of what we do is offer a K-12 program ... to get them interested early. So hopefully we’ll win,” he said.