Strengthening cybersecurity education for university students: bridging vulnerabilities and promoting proactive digital safety practices
DOI:
https://doi.org/10.29352/mill0227.41111Keywords:
cybersecurity; digital safety; threat perceptions; behavioral responses; cyberattacksAbstract
Introduction: As university students in emerging regions like Albania increasingly engage with digital platforms, they face growing cybersecurity risks. While basic tools like antivirus software are common, critical gaps in password management and phishing detection persist, underscoring the urgent need for enhanced cybersecurity education.
Objective: To examine the gaps in cybersecurity practices among university students and identify critical areas that need more focus.
Methods: A quantitative survey was conducted with 242 students from IT-related disciplines. The survey assessed digital security practices, threat perceptions, and responses to cybersecurity incidents. Logistic regression analysis was applied to evaluate the link between proactive cybersecurity behaviors and the reduction of cyber incidents.
Results: The findings reveal a notable gap in students' awareness of cybersecurity risks. Students are more inclined to report cybersecurity incidents when anonymous reporting mechanisms are available, emphasizing the crucial role of privacy-respecting systems in promoting proactive incident reporting within universities. Additionally, logistic regression analysis shows that students who consistently engage in proactive cybersecurity behaviors are significantly less likely to encounter or report malware-related incidents, further highlighting the importance of cultivating these behaviors to reduce exposure to cyber risks.
Conclusion: This study underscores the need for educational programs that focus on advanced cybersecurity practices. It advocates for universities to implement tailored curricula that enhance students' digital security competencies, better preparing them for evolving cyber risks.
Downloads
References
Albanian Institute of Statistics (INSTAT). (2023). Use of Information and Communication Technology in the Household, 2023. https://www.instat.gov.al/media/11339/use-of-ict-in-households-2023.pdf
Chandarman, R., & Van Niekerk, B. (2017). Students’ cybersecurity awareness at a private tertiary educational institution. The African Journal of Information and Communication (AJIC), 20, 133–155. https://doi.org/10.23962/10539/23572
Chaudhary, S. (2024). Driving behaviour change with cybersecurity awareness. Computers & Security, 142, Article 103858. https://doi.org/10.1016/j.cose.2024.103858
European Commission. (2024, April 29). Policies: European Commission. Retrieved June 5, 2024. https://digital-strategy.ec.europa.eu/en/policies/cybersecurity
European Union Agency for Cybersecurity. (2024, June 29). Incident reporting: ENISA. https://ciras.enisa.europa.eu/
Eurostat. (2022, December). Statistical themes: Eurostat. https://ec.europa.eu/eurostat/statistics-explained/index.php?title=ICT_security_in_enterprises#ICT_security_in_EU_enterprises
Hong, W. C., Chi, C., Liu, J., Zhang, Y., Lei, V. N., & Xu, X. (2023). The influence of social education level on cybersecurity awareness and behaviour: A comparative study of university students and working graduates. Education and Information Technologies, 28(1), 439–470. https://doi.org/10.1007/s10639-022-11121-5
IBM. (2023). Cost of a data breach report 2023. https://www.ibm.com/reports/data-breach
Kuraku, S., Kalla, D., Samaah, F., & Smith, N. (2023). Cultivating proactive cybersecurity culture among IT professionals to combat evolving threats. International Journal of Electrical, Electronics and Computers (IJEEC), 8(6), 1–7.
Li, W., & Zeng, J. (2021). Leet usage and its effect on password security. IEEE Transactions on Information Forensics and Security, 16, 2130–2143. https://doi.org/10.1109/TIFS.2021.3050066
Li, Y., Wang, H., & Sun, K. (2016). A study of personal information in human-chosen passwords and its security implications. IEEE INFOCOM 2016 – The 35th Annual IEEE International Conference on Computer Communications (pp. 1–9). IEEE. https://doi.org/10.1109/INFOCOM.2016.7524341
Mashiane, T., & Kritzinger, E. (2019). Cybersecurity behaviour: A conceptual taxonomy. In O. Blazy & C. Yeun (Eds.), Information Security Theory and Practice (WISTP 2018) (Vol. 11469, pp. 147–156). Springer. https://doi.org/10.1007/978-3-030-20074-9_11
Mattioli, R., & Malatras, A. (2024). Incident reporting: ENISA. European Union Agency for Cybersecurity (ENISA). https://abrir.link/BPZwm
Moallem, A. (2019). Cybersecurity awareness among college students. In T. N. Ahram (Ed.), Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing (Vol. 782, pp. 79–87). Springer. https://doi.org/10.1007/978-3-319-94709-9_8
Muniandy, L., Muniandy, B., & Samsudin, Z. (2017). Cyber security behaviour among higher education students in Malaysia. Journal of Information Assurance & Cybersecurity, 2017, Article 800299. https://doi.org/10.5171/2017.800299
National Authority for Electronic Certification and Cyber Security. (2023). Cyber governance 2023 report. Tirana, Albania: Author.
Raya, J. E., Yahya, A. S., & Ahmad, E. K. (2023). Protection from a quantum computer cyber-attack: Survey. Technium: Romanian Journal of Applied Sciences and Technology, 5, 1–12. http://dx.doi.org/10.47577/technium.v5i.8293
Shay, R., Komanduri, S., Durity, A. L., Huh, P., Mazurek, M. L., Segreti, S. M., Ur, B., Bauer, L., Christin, N., & Cranor, L. F. (2014). Can long passwords be secure and usable? CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 2927–2936). Association for Computing Machinery. https://doi.org/10.1145/2556288.2557224
Temoshok, D., Fenton, J. L., Choong, Y.-Y., Lefkovitz, N., Regenscheid, A., Galluzzo, R., & Richer, J. P. (2024). NIST SP 800-63B-4.2pd: Digital identity guidelines: Authentication and authenticator management (Second Public Draft). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63b-4.2pd
Wang, S., Salehi-Abari, A., & Thorpe, J. (2023). PiXi: Password inspiration by exploring information. Information and Communications Security: 25th International Conference, ICICS 2023 (pp. 249–266). Springer. https://doi.org/10.1007/978-3-031-44698-8_14
Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Cetin, F., & Basim, H. N. (2022). Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems, 62(1), 82–97. https://doi.org/10.1080/08874417.2020.1712269
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Millenium - Journal of Education, Technologies, and Health
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who submit proposals for this journal agree to the following terms:
a) Articles are published under the Licença Creative Commons (CC BY 4.0), in full open-access, without any cost or fees of any kind to the author or the reader;
b) The authors retain copyright and grant the journal right of first publication, allowing the free sharing of work, provided it is correctly attributed the authorship and initial publication in this journal;
c) The authors are permitted to take on additional contracts separately for non-exclusive distribution of the version of the work published in this journal (eg, post it to an institutional repository or as a book), with an acknowledgment of its initial publication in this journal;
d) Authors are permitted and encouraged to publish and distribute their work online (eg, in institutional repositories or on their website) as it can lead to productive exchanges, as well as increase the impact and citation of published work
Documents required for submission
Article template (Editable format)
