The digital revolution is transforming African education, with universities embracing online learning and digital systems. However, this progress brings a crucial challenge: cybersecurity. Are African higher education institutions (HEIs) prepared for the escalating cyber threats?
The Growing Threat Landscape
African HEIs are increasingly targeted by cybercriminals. Microsoft’s Cyber Signals report highlights education as the third most targeted sector globally, with Africa being a particularly vulnerable region. Incidents like the theft of sensitive data at Tshwane University of Technology (TUT) and the hacking of a master’s degree platform at Abdelmalek Essaadi University in Morocco demonstrate the reality of these threats.
Several factors contribute to HEI vulnerability. Universities hold vast amounts of sensitive data, including student records, research, and intellectual property. Their open nature, with diverse users and international collaborations, creates weaknesses, especially in email systems. Limited resources, legacy systems, and a lack of awareness further exacerbate these issues.
Examples of Cyber Threats in African Education
Educational institutions have fallen prey to social engineering and spoofing attacks. For example, universities in Mpumalanga and schools in the Eastern Cape have been notably victimised by cybercriminals, using link-based ransomware attacks, with some institutions being locked out of their data for over a year. Earlier this year, the KwaZulu-Natal Department of Education warned against a cybercriminal scamming job seekers by falsely promising teaching posts in exchange for money and using photos with officials to appear legitimate.
Strategies for Strengthening Cybersecurity
African HEIs can take actionable steps to strengthen their cyber defenses:
● Establish Clear Policies: Define roles, responsibilities, and data security protocols
● Provide Regular Training: Educate educators, administrators, and students to improve cyber hygiene and security culture
● Implement Secure Access Management: Enforce multi-factor authentication (MFA) and secure login practices
● Invest in Secure Technology Infrastructure: Include encrypted data storage, secure internet connections, and reliable software updates
● Leverage AI and Advanced Technologies: AI can be utilised to enhance threat detection and enable real-time responses. Consider centralising tech setups for better monitoring
● Adopt Comprehensive Cybersecurity Frameworks: Follow guidelines like those from the National Institute of Standards and Technology (NIST) and encourage phishing-resistant MFA, reducing hacking risks by over 99.9%
● Human Risk Management as a Priority: Focus on security awareness training, that includes simulated phishing, and real-time interventions to change behaviour and mitigate human risk
Moving Forward
The cybersecurity challenges facing African HEIs are significant but not impossible. By adopting a human risk approach and acknowledging threats, implementing strong security measures, and fostering a positive security culture, we can protect institutions and ensure a secure digital learning environment. A collective effort involving institutions, governments, cybersecurity experts, and technology providers is crucial to safeguard the future of education in Africa.
As part of efforts to strengthen cybersecurity awareness in the education sector, KnowBe4 offers a Student Edition—a version of its platform tailored to the unique needs of educational institutions, providing age-appropriate, relevant security content and training solutions. This initiative is guided by an Advisory Council of global universities, including Nelson Mandela University in South Africa, ensuring the content remains practical, culturally relevant, and aligned with the realities of student life.