The education sector faces a growing complex of cybersecurity threats. The industry has been under high attack for several years already, with phishing, ransomware and denial-of-service attacks growing in frequency and ferocity. But what has blown the gates off is the forced move to remote and online learning in response to the health pandemic that began early in 2020. The education sector is ripe for massive disruption through ransomware attacks due to reliance on online learning platforms, and threat actors are taking the opportunity to wreak havoc at the most inopportune times. The lack of systemic preparedness is putting the sector in the crosshairs of threat actors; Microsoft reports that more than 60% of monthly malware attempts in Microsoft 365 are focused on the education sector, a number six times higher than the next closest industry.1Students themselves are a dangerous source of insider attacks and weaknesses, which run the gamut from the presumedly innocent sharing of login details for online classes through to unleashing denial-of-service attacks against school districts. In sum, something new and better must be done to enact cybersecurity defenses and develop approaches to safeguard institutions, the data they are responsible for, and the staff, faculty and students who work or study within.