Cyberattacks are escalating in sophistication, volume, and real-world impact, with education agencies continuing to be prime targets. Comcast’s 2025 Cybersecurity Threat Report analyzed 34.6 billion cybersecurity events over the last year, including:
- 4.7 billion phishing attempts that targeted human behavior
- 9.7 billion drive-by compromise attacks that required no clicks
- 44,000 distributed denial-of-service attacks that used short bursts to overwhelm defenses
- 19.5 billion resource-development events that showed investments in new tactics
The report also found a surge in “living off the land” techniques, where attackers blend into normal system activity by misusing legitimate tools.
SCOE Cybersecurity Awareness Challenge
In response to the evolving tech. landscape, the Sacramento County Office of Education (SCOE) sharpened its human defenses with an annual Cybersecurity Awareness Challenge, organized by its Computer Network and Technology Services department. “Cybersecurity isn’t just about firewalls today—it’s about people,” explained Alex Wilde, Cybersecurity Engineer. “Every smart decision a staff member makes helps protect our systems, our data, and ultimately our students.”
Each week in October, which is National Cybersecurity Awareness Month, SCOE employees received guidance focused on timely threats:
- Week 1: Social Engineering—spotting manipulative attempts to trick employees into sharing information or granting access
- Week 2: AI-Enabled Scams—recognizing deepfake audio, phishing scripts, and malicious links crafted by artificial intelligence
- Week 3: Ransomware Prevention Strategies—avoiding malware designed to lock access to essential systems and demand payment
- Week 4: Cyber Incident Reporting—using official channels to report suspicious activity immediately, with as many details as possible
Employees earned recognition and small rewards for completing cybersecurity training and reporting simulated phishing messages with Outlook’s “Phish Alert” button. Staff who mistakenly clicked on simulated bad links received constructive tips.
“I’m always grateful for these practice emails, and I help spread the word about cybersecurity by sharing the tips with others,” said one SCOE staff member. “I even have my mother or spouse sit with me when I watch the training videos. We talk about how convincing the scams are, and how even savvy people can be duped.”
This October’s initiative culminated with an in-person, Jeopardy-style cybersecurity event for staff, designed to boost learning, celebrate vigilance, and reinforce SCOE’s collective responsibility to stay alert. As threats become stealthier and more automated, SCOE emphasized a core message: Every employee plays a critical role in SCOE’s cybersecurity defense.
“Technology alone can’t stop attacks,” Wilde concluded, “but technology plus a vigilant workforce absolutely can.”