Content area
Full text
Abstract: This study provides a framework and strategy for the creation of a cybersecurity culture in higher education institutions. Cybersecurity is identified as very important in higher education institutions have to accept responsibility for protecting the institutions assets and personal information of staff and students. This study focuses on the challenges that higher education institutions confront in creating a cyber-secure environment, of which many relate to culture. Establishing a strong cybersecurity culture can be difficult due to variables such as the institution's size and the relatively short duration of student enrolment, which is three to four years on average. The paper includes a detailed roadmap for creating an appropriate cybersecurity culture in higher education institutions. It emphasises the critical role played by all parties concerned in achieving this goal, including administrators, academic staff, and students. As a result, higher education institutions can build a culture that prioritises cybersecurity and fosters safe behaviour among all participants while adhering to the principles presented in this paper.
Keywords: Cybersecurity, Culture, People, Processes, Technology, Phishing, Social engineering, Higher education
1. Introduction
When creating a cybersecurity program, there should be an overall focus on people, processes, and technology. Unfortunately, security professionals tend to focus mainly on processes and technology when addressing the prevailing cybersecurity challenges contributing to organisations' vulnerability to cyber-attacks. These attacks are primarily phishing attacks, accounting for over 90% of cybersecurity breaches across different organisations, leading to huge data breaches (Wong, Abuadbba, Almashor, 8: Kanhere, 2022). People are often directly responsible for 'allowing' these attacks to succeed in institutions of higher learning (Mcllwraith, 2021). There are several reasons why cybercriminals target people; these reasons include a lack of knowledge and appreciation of what is essential to an organisation and the inability to identify phishing emails. Organisations will continue to suffer if an appropriate cyberculture is not in place. Students' relatively short enrolment periods complicate the establishment of a good cybersecurity culture. Students are, on average, enrolled for only three to four years, depending on their fields of study. Due to the large student numbers, the size of the institutions is another factor responsible for the complexity of developing and maintaining a conducive cybersecurity culture.
Due to the over-reliance on processes and technology, organisations have invested significantly in...