The digital revolution is transforming African education, with universities embracing online learning and digital systems, writes Anna Collard, senior vice-president: content strategy and evangelist at KnowBe4 Africa.
However, this progress brings a crucial challenge: cybersecurity. Are African higher education institutions (HEIs) prepared for the escalating cyber threats?
The Growing Threat Landscape
African HEIs are increasingly targeted by cybercriminals. Microsoft’s Cyber Signals report highlights education as the third most targeted sector globally, with Africa being a particularly vulnerable region.
Incidents like the theft of sensitive data at Tshwane University of Technology (TUT) and the hacking of a master’s degree platform at Abdelmalek Essaadi University in Morocco demonstrate the reality of these threats.
Several factors contribute to HEI vulnerability. Universities hold vast amounts of sensitive data, including student records, research, and intellectual property. Their open nature, with diverse users and international collaborations, creates weaknesses, especially in email systems. Limited resources, legacy systems, and a lack of awareness further exacerbate these issues.
Examples of Cyber Threats in African Education
Educational institutions have fallen prey to social engineering and spoofing attacks. For example, universities in Mpumalanga and schools in the Eastern Cape have been notably victimised by cybercriminals, using link-based ransomware attacks, with some institutions being locked out of their data for over a year.
Earlier this year, the KwaZulu-Natal Department of Education warned against a cybercriminal scamming job seekers by falsely promising teaching posts in exchange for money and using photos with officials to appear legitimate.
Strategies for Strengthening Cybersecurity
African HEIs can take actionable steps to strengthen their cyber defenses:
- Establish Clear Policies: Define roles, responsibilities, and data security protocols;
- Provide Regular Training: Educate educators, administrators, and students to improve cyber hygiene and security culture;
- Implement Secure Access Management: Enforce multi-factor authentication (MFA) and secure login practices;
- Invest in Secure Technology Infrastructure: Include encrypted data storage, secure internet connections, and reliable software updates;
- Leverage AI and Advanced Technologies: AI can be utilised to enhance threat detection and enable real-time responses. Consider centralising tech setups for better monitoring;
- Adopt Comprehensive Cybersecurity Frameworks: Follow guidelines like those from the National Institute of Standards and Technology (NIST) and encourage phishing-resistant MFA, reducing hacking risks by over 99,9%; and
- Human Risk Management as a Priority: Focus on security awareness training, that includes simulated phishing, and real-time interventions to change behaviour and mitigate human risk.
Moving Forward
The cybersecurity challenges facing African HEIs are significant but not impossible. By adopting a human risk approach and acknowledging threats, implementing strong security measures, and fostering a positive security culture, we can protect institutions and ensure a secure digital learning environment.
A collective effort involving institutions, governments, cybersecurity experts, and technology providers is crucial to safeguard the future of education in Africa.