Building a Cybersecurity Culture in Higher Education: Proposing a Cybersecurity Awareness Paradigm
Reismary Armas, Hamed Taherdoost
Abstract
Today, the world is experiencing constant technological evolution, allowing cyberattacks to manifest through different vectors and widely impacting victims, from specific users to serious damage to institutions’ integrity. Research has shown that a significant percentage of recorded cyber incidents are attributed to social engineering practices or human error. In response to this growing threat, reinforcing cybersecurity awareness among users has become an urgent strategy to develop and apply. However, addressing cybersecurity awareness is a difficult challenge, specifically in the HE industry, where cybersecurity awareness should be an essential part of this type of institution due to the amount of critical data it handles. In addition to the need to strengthen the preparation of new professionals, statistics have shown a significant increase in successful security attacks in this industry. Therefore, this study proposes a conceptual Cybersecurity Awareness and Training Framework for Higher Education to facilitate the establishment of systems that improve the cybersecurity awareness of students in any academic institution, extending to all audiences that coexist in it. This framework encompasses key components intended to continually improve the development, integration, delivery, and evaluation of cybersecurity knowledge for individuals directly or indirectly related to the institution’s information assets.