Abstract
The government of Saudi Arabia has made a significant investment in improving the infrastructure in the education sector in the recent past. It has directly supported the digitization of learning in both public and private schools. These institutions have redefined their operations in line with the emerging technology trends. In this paper, the focus was on analyzing cyber security threats that these learning institutions face. Findings show that many institutions had digitized their operations, especially over the past year when the global community was battling the COVID-19 pandemic. However, cyber security threats remain a major impediment to the successful implementation of digital learning strategies. Most of these institutions are not fully prepared to deal with sophisticated cyber-attacks. It is necessary for the government to work jointly with other stakeholders to find ways of addressing the problem.
Introduction
Educational institutions around the world are embracing digital data management because it is efficient in collecting, processing, sharing, and storing sensitive information. The analog system has been faced in many modern institutions because of its associated challenges (Rains, 2020). When the COVID-19 pandemic struck, the global community realized that online platforms provide alternative ways of undertaking various activities that previously required physical meetings (Zhang, 2019). Many learning institutions, especially colleges and universities, increased their online presence to ensure that their students would continue with their learning while at home. Financial transactions in these institutions are also conducted on these digital platforms to make it easy for the administrators to plan and coordinate various activities. Christiansen and Piekarz (2019) explain that educational institutions have become fully reliant on digital data platforms to manage employees, develop strategic and tactical plans, facilitate research, communicate with stakeholders, keep records, and facilitate both online and classroom classes.
As technology becomes central to the overall running of educational institutions, a new threat has emerged that may have devastating consequences if not properly managed. Cyber-security threat is currently the biggest concern that these institutions face as they make a complete shift from the analog to the digital data management system (Chishti & Puschmann, 2018). Techno-savvy criminals have perfected the strategy of illegally accessing sensitive data belonging to students, lecturers, specific administrators, or the institution at large with malicious intentions (Grieco et al., 2019). Some of these phishing expeditions are intended to steal data and sell it to third parties interested in achieving specific goals. For instance, the recent massive research on COVID-19 was conducted by various institutions of higher learning in conjunction with medical institutions. The goal has been to find a cure and a vaccine for the virus. Cybercriminals have been trying to hack into databases of such institutions with the aim of stealing the formula and selling it to other institutions around the world (Tallón-Ballesteros & Chen, 2020). Such intellectual property theft is a major concern to these institutions.
Hacking may be targeted at manipulating information in the database of a learning institution. The financial department is always the leading target of these cybercriminals. Their goal is always to steal from the institution using different strategies (Berman et al., 2019). Some criminal-minded students may hack the system and update their payment details with the goal of defrauding the institution. A hacker may target a student’s portal and manipulate data in various ways. Ransomware attacks are also increasingly becoming common, and they often target lecturers and administrators (Erendor & Öztarsu, 2020). Other major threats include Trojans, botnets, wiper attacks, and Distributed Denial of Service. The financial loss, disruption of the normal operational activities, the blackmail, and theft of sensitive information is a major concern to these educational institutions. It threatens their sustainability, especially if the school lacks a proper system of managing these threats (Ferrag et al., 2020). It becomes difficult to manage the finances of the institution when criminals can have access to the database and manipulate it in a way that pleases them. Teachers can also not deliver on their tasks effectively if they are constantly blackmailed or their educational materials are stolen or manipulated. Students are not safe because their portals can be accessed and their important data manipulated in a way that affects their grades or their financial statements. In this paper, the aim of the researcher is to critically analyze cyber-security threats to educational institutions in the Kingdom of Saudi Arabia.
The Problem
Rapid digitization that has been witnessed in various learning institutions in the Kingdom of Saudi Arabia and around the world over the past decade has exacerbated the problem of cyber-attacks. The problem is that despite the serious danger that cyber insecurity poses to these educational institutions, they do not have the option of moving back from digital to analogue data management system (Nguyen & Reddi, 2020). These institutions have to continue using digital data system because of the technological changes that have been taking place over the recent past. They have to learn how to manage the threat and operate secure digital platforms that protect learners, teachers, administrators, and institutions.
The limited budget has been identified as one of the major challenges that limit the ability of these institutions to fight cybercrime effectively. According to Williams and McDonald (2018), most of these educational institutions cannot afford to set aside a significant amount of their resources to fight cybercrime. They rely on government funding and school fees that students pay to finance their activities. The income goes to the payment of staff, purchasing of consumables needed in the institution, and paying other bills. As such, setting aside a significant amount of money to install some of the latest software and pay for highly qualified experts is an issue.
The absence of policies regarding cybercrime is another major problem that leaves these institutions vulnerable to persistent attacks. When a cybercriminal uses their skills to steal money from these institutions, then there are laws that can be used to prosecute them for theft. However, the country still lacks legislation that can help in prosecuting those who steal or manipulate data from these institutions (Kumar, 2020). They may be prosecuted for a misdemeanor, which is a minor offence that cannot deter such actions in the country. The few cyber-security policies that have been enacted do not classify learning institutions as major victims to such attacks. As such, they have not been given priority when defining means and strategies of fighting cybercrime in the country.
Cyber-security threat to learning institutions is worsened by a common culture in most of the learning institutions in the country where students are expected to have their personal devices that they can use to login to their accounts. They can use their personal computers, iPads, tablets, or smartphones to access these sensitive databases. Criminals take advantage of these security gaps to access information that they need (Nguyen & Reddi, 2020). The IT department can install malware detection software on all gadgets controlled by the school, probably those in the library or employees’ workstations. However, the same cannot be done to gadgets that belong to learners, especially if there are no proper regulations. These are some of the challenges that worsen the cyber-security threat that these institutions face. It is necessary to find ways of addressing the problem to ensure that these institutions are protected.
The Recommended Solution
The management of educational institutions and policymakers in the country should find a way of addressing the problem of cyber-security threats in the country. They have to put in place policies and infrastructural systems that will ensure that sensitive data for these institutions remain as secure as possible. The following are the steps that they should consider to address this problem:
- Every education institution in the country should have internal policies meant to minimize the capabilities of cybercriminals;
- The management of these institutions need to invest in emerging technologies meant to protect their databases;
- These institutions need to work closely with cyber-security experts to help in monitoring and managing these threats;
- The government should enact strict policies that can ensure that cybercriminals are severely punished to discourage such practices;
- The government should increase financial allocations of educational institutions to enable them to fight cybercrime effectively.
Statement of Aim
It is evident that learning institutions in the country and around the world are faced with serious cyber-security threats. As explained above, the problem cannot be solved by walking back technology and reverting to analogue approach of managing data. Instead, stakeholders have to find ways of ensuring that these educational institutions operate without being adversely exposed to cyber insecurity. The aim of this study is to investigate cyber-security threats that these institutions face and develop solutions that they can embrace to ensure that their data is protected from any form of attack.
Statement of Objectives
Defining research objectives helps in determining the nature of data that should be collected from the field. According to Kara (2020), research objectives should enable one to meet research aim. In this study, the following objectives will make it possible to understand cyber-security threats that educational institutions face and solutions that can be developed to ensure that data is protected from any form of attack:
- To assess the nature, magnitude, and frequency of cyber-attacks that target educational institutions in the country;
- To identify departments which are more vulnerable to these attacks in these institutions;
- To determine the impact of cyber-attacks on the normal operations and success of learning institutions in the country.
Project Plan
When conducting a research project, it is important to define in clear terms tasks specifications and durations that they are supposed to take for them to be completed. The project plan helps in determining how each activity should be taken to enable the researcher to achieve the desired goals. In this section, the researcher defines these tasks and the duration that it will take to ensure that they are completed.
Tasks Specification
The researcher needed to complete specific tasks to ensure that this project is a success. The first task was the development of a proposal. The proposal defined how the researcher intended to conduct the study, sources of data, and the methodology that was appropriate for the study. The second task was to hand in the proposal for the approval. The researcher then developed a questionnaire that was meant to facilitate the collection of primary data. These first three tasks had been completed. Literature review was another important task. The researcher had to review what other scholars have found out about this topic. Books and journal articles proved important when conducting literature review. The collection of primary data from a sample of respondents was the next important task. It enabled the researcher to address research gaps that were identified during the process of reviewing the literature. Chapter 3 of this document describes in detail how participants were sampled and how the actual process of collecting data conducted. The next step was to analyze primary data in a way that directly responds to the research questions. The last task was the writing and proofing of the report.
Tasks Duration
Each of the above tasks was assigned a specific duration within which they had to be completed. The first task of developing the proposal was to take about 11 days, from January 7th to January 18th 2021. Proposal approval was expected to take about 2 weeks, from January 20th to February 15th 2021. Questionnaire development took a relatively short period of two days, from 18th to 20th February 2021 because research questions had been defined. Review of the literature was a continuous process. From 7th January 2021 when developing the proposal to April 25th 2021 when writing the final report, it was necessary to review the literature and support various arguments with information from published sources. Primary data collection took over 6 weeks, from February 23rd to April 5th 2021.
The process of sampling participants, contacting each one of them and convincing them to take part in this academic project required some time. The process of analyzing primary data collected from these participants took about 2 weeks, from 8th to 23rd April 2021. Writing the report and proofing it, which was the last step, took about 3 weeks, from April 25th to May 17th 2021. The completed report will then be delivered as per the regulations set by the school and within the time that was specified. Table 1.1 below shows the timeline of all these tasks conducted in this research project.
Table 1.1: Task Duration
Literature Review
The previous chapter has provided detailed background information about the topic. Educational institutions are keen on embracing emerging technologies to improve efficiency, cut costs, and improve the overall quality of services that they offer. Cyberspace has provided a perfect opportunity for these entities to offer high-quality services to their students and to ensure that different stakeholders can share critical information seamlessly without the need to transfer physical files. This impressive development has been negatively been impacted by cyber-attacks. In this chapter, the researcher will review the literature to understand what other scholars have found out in this field of study. The chapter provides a background and overview of related works, critical analysis of data from other scholars in this field, and an overview of implementation tools. This chapter helps in identifying knowledge gaps that still need further primary research.
Background and Overview of Related Work
The Concept of E-Learning
The concept of e-learning has attracted the attention of many scholars over the years because of its growing relevance. Adel et al. (2019, p. 50) define e-learning as “a form of Distance learning and can be defined as a way of teaching using modern communication mechanisms such as computers, multimedia, and Internet gates in order to communicate information to the learner as quickly as possible.” The use of technology in learning institutions has gained popularity over the past decade. Rajesh (2017) argues that it is no longer necessary for learners and educators to be physically present in a classroom setting. Instead, it is not possible for learning to take place in the online platforms with ease.
The internet has made it possible for people to have meaningful interactions within cyberspace and many learning institutions are taking advantage of these advances in technology. According to Berman et al. (2019), e-learning has become one of the main modes of study in institutions of higher learning. The technology is also gaining relevance at the lower levels of education. When the COVID-19 pandemic struck the world in 2020, most of the schools around the world had to be closed because of the threat of spreading the virus among students, teachers, and the community in general. Online learning offered a perfect solution to this challenge that these institutions were facing. Teachers and their students could easily interact through the online platforms without the need of leaving their homes. During this period, it became apparent that e-learning holds the future of education.
Importance and Benefits of E-Learning
E-learning has proven to be an effective mode of passing knowledge without necessarily having the brick-and-mortar structures to facilitate physical meetings. Events over the recent past have demonstrated the significance of e-learning to the community. When assessing the benefits and importance of e-learning, it is necessary to focus on individual stakeholders who rely on this technology to achieve specific goals. Figure 2.1 below of cloud computing in educational settings identifies specific stakeholders who currently benefit from the technology. Students are some of the greatest beneficiaries of e-learning and cloud-computing. The new technology has made it possible for them to attend their classes in the comfort of their homes. They no longer have to incur the cost of renting a hostel near their learning institutions or the cost of traveling to and from school on a daily basis (Adel et al., 2019). They only need to have access to the internet and an effective gadget to ensure that they can achieve their goals. Statistics have also shown that online classes cost less compared with when they have to attend physical classroom sessions (Zhang, 2019). Generally, this technology has made education easier and cheaper for them.
Lecturers are also major beneficiaries of this new technology that is rapidly gaining popularity around the world. Just like the learners, these educators no longer have to be physically present in the classroom to offer their services. They can do the same while at home as long as they have the necessary infrastructure. It means that they can spend more time with their families. They also eliminate the cost of constantly traveling to work or having to rent a house near their places of work. Researchers also benefit a lot from this new platform. The digital data platform makes it possible for them to share information about their new findings and specific areas that still need further investigation.
The administrators have also benefited immensely from the new technology. Cloud computing and the general digital data management approach associated with e-learning have made it easy for them to process information. Instead of handling physical files, which was a tedious, time and space-consuming process, they only need to handle digital data at the comfort of their offices. They can easily process, store, access, and share information about students, lecturers, and the non-teaching staff with ease. Administrative records such as expenses, income, and employee data among others can also be managed in this new platform. Monitoring and evaluation of the performance of employees have also become easier under the new setting. Library users and administrators find it easy running online databases than it is in physical libraries.
Accessibility and Usability of E-Learning
The new technology can only be considered relevant and effective if it is accessible to the targeted population. Zhang (2019) explains that the idea of wireless connection and system first emerged in the early 1990s. Slightly over two decades ago, it was not easy to convince the global community, even those in the most advanced economies in Europe and North America, that learning could take place on online platform. However, the rapid advancement of technology has completely redefined the learning approach in modern society. E-learning has become a popular form of teaching both in developed and developing economies around the world. One only needs a gadget such as a personal computer, a tablet, or an iPad that is connected to the internet to have access to online learning.
The accessibility and usability of e-learning have been growing at a relatively rapid pace over the past decade. According to Levy et al. (2013), many institutions of higher learning currently have fully established departments of distance learning. They are meant to facilitate students and lecturers to ensure that learning can take place in the online platforms. These institutions have the responsibility of putting in place the necessary infrastructure to ensure that this approach to education can be a success. They also have to train both the educators and students on how to conduct online classes. Students have the responsibility of ensuring that they have the needed gadget and a reliable internet connection to ensure that their classes cannot be interrupted. These gadgets have become common and more affordable even to low-income families.
Critical Analysis
Educational institutions are becoming increasingly reliant on cyberspace to offer their services to students. E-learning has proven to be a cheaper alternative to physical classrooms. The current trend shows that online learning is likely to become the primary mode of education in the near future, especially in institutions of higher learning. The problem is that this platform is facing numerous challenges, top of which is cyber-insecurity. Cybercriminals have mastered unique skills that allow them to gain illegal access to the databases of these institutions with varying intentions. It is necessary to assess cyber threats to educational institutions, how they should prepare for them, and the response that is needed in case they are under an attack.
Threats to Educational Institutions
Educational institutions face numerous threats when they are operating in cyberspace to offer their services to the learners. One of the greatest threats that these institutions face is cloud insecurity. Protecting the high-traffic networks managed by third-party vendors has proven to be a challenge (Aliyu et al., 2020). Most of these learning institutions trust these vendors to ensure that their data remains safe. It means that these educational institutions will have to trust critical details of their institutions in the hands of third parties. The risk that such data can be stolen or manipulated by employees of third parties remains high. The problem is worsened by the fact that the majority of these learning institutions lack the capacity to manage their own high-traffic networks because of limited capabilities. They have to continue relying on third parties.
Denial of service (DoS) is one of the most common attacks that these institutions encounter when using e-platforms to deliver their services. It happens when an individual who always has access to a regular website suddenly realizes that the access has been denied without any valid reason. E-mails, learning accounts, specific websites such as that of the libraries, and such related accounts can be hacked and the rightful owner locked out. This attack may be focused on stealing important data from the victim, manipulating the data, or forcing them to pay a ransom for them to have their accounts accessible once again (Williams & McDonald, 2018). During that period of denial of access, such individuals cannot have access to important portals, databases, and websites that they need to facilitate normal learning or administrative tasks. Students, lecturers, administrators, or other non-teaching staff members are vulnerable to this attack and the severity always depends on the goal of the cybercriminal and the sensitivity of the data they have access to within that period.
Malware attack is another common strategy that cybercriminals use to achieve their goals. This form of cyber-attack happens when unwanted software is installed into a computer, tablet, or any gadget that the targeted individual is using. The malware can be used to achieve a wide variety of goals. Rains (2020) explains that it can easily lead to the crashing of the computer if that was the intent. However, the most common goal of such malware is to steal data from the targeted individual without their knowledge. The cybercriminal may have access to all the sensitive information that the individual has on their computer. The goal may be to sell the data to third parties or use it to demand ransom from the affected individual. Ransomware, worms, adware, and viruses are some of the most common types of malware that are often used to achieve different goals.
Phishing is one of the most common and highly devastating forms of cyber-attacks that many institutions around the world still face. In this form of attack, these cybercriminals use unscrupulous email messages that may appear legitimate to the victim. These messages come with hyperlinks that when clicked, leads the victim to specific websites where they will be promoted to reveal their addresses, passwords, and usernames among other PII details (Al-Janabi & Al-Shourbaji, 2016). Once these criminals have access to these personal details, they can achieve their malicious goals against the target with ease. Some of them may have financial motives, which means that they will use the information obtained to steal from the victim. Others may use the information for personal reasons or based on the directive given by their client. Others would use the information to blackmail their victim into doing something that they would otherwise opt not to do (Tallón-Ballesteros & Chen, 2020). The criminal may even lock the victim out of their accounts because they have the necessary information that they need to achieve such a selfish goal.
Unsecure personal devices remain the other major challenge that these institutions face as they struggle to enhance security for their students and staff. Many institutions allow their learners to access sensitive databases such as their learning portal, financial portal, and other websites such as the library using their personal devices such as computers, smartphones, or tablets. The problem is that these institutions cannot have full control of the way these learners use these gadgets when accessing sensitive information (Rains, 2020). The problem is that some of them may collude with cybercriminals to use the access they have to these databases for their selfish interests. They can easily gain access to these websites, steal sensitive information or manipulate data in ways that negatively affect the institution. Such attacks may be costly, especially when the goal of the criminal was to steal from their target.
Camfecting is another new challenge that is emerging in modern society. In this case, the criminal gains remote access to the webcam of their target. As Kumar (2020) observes, most of the modern e-learning platforms require the student and the lecturer to have a webcam. As such, they can have a more realistic engagement where the learner can see the teacher and vice versa. It makes the learning process more effective, especially when calculations and complex demonstrations are needed. Camfecting occurs when a criminal targets the webcam of a user, who can be a student or a teacher and uses it for their personal malicious goals. The goal may be as simple as disrupting one of the online classes or as complex as sharing information that may deeply harm the reputation of the targeted individual.
Preparing for Threats
Cyber-security threats to educational institutions are a major concern that cannot be ignored by schools that intend to embrace the new technology to offer their services to students. Some of the leading universities in the United States and other parts of the world report thousands of attempted attacks every single day (Al-Janabi & Al-Shourbaji, 2016). Most of them are often failed attempts because of the security infrastructure that these institutions of higher learning have put in place. As such, the most viable and reasonable assumption that these institutions should embrace is that they can easily become victims of such attacks as long as they are operating in cyberspace. They have to find ways of protecting themselves from the attacks before they can happen. The following are some of the steps that these institutions can take to ensure that they are adequately prepared for any potential threat.
Encrypting data has emerged as one of the most effective ways of addressing the problem of cyber-attack. The process involves coding the information in a way that cannot be understood by third parties trying to access the data. Traditionally, the sender would code the message and send it to the recipient. The recipient is expected to have the capacity of decoding the encrypted message. However, technology has made the process of encryption much simpler than it was in the past. The sender will write the message in a normal way, the message would be encrypted while on transit, and then decoded when it reaches the recipient (Carlton et al., 2019). It means that when a cybercriminal is able to intercept the message before it reaches the intended audience, they may not decode the message easily. This strategy is rapidly gaining popularity as a means of minimizing potential threats that target individuals’ accounts.
Complying with an institution’s cyber protocols is one of the steps that all stakeholders should be encouraged to embrace. The school is expected to have a protocol that students, teachers, administrative staff, and other stakeholders should follow when accessing a given database (Pawlowski & Jung, 2015). The protocol is meant to ensure that in case an individual is targeted, they will realize that they are under an attack before they reveal sensitive information. For instance, when they realize that in the process of accessing a given database, a new and unusual request or command is made, they will know that someone is trying to lead them to a stage where they can access their private information. They should stop at that stage and contact relevant authorities to ensure that the issue is investigated.
Protecting devices from physical attacks is another major requirement that should be embraced as a means of protecting different stakeholders from various forms of attack. According to Hasan (2017), sometimes criminals may need to gain physical access to a device such as a computer or tablet used to access a given database for them to plant malware that they can later use to gain access to information they need or manipulate the system. One of the ways of preparing and minimizing the possibility of such an attack is to limit access to these sensitive devices. Computers used as databases should be securely kept and only specific trusted individuals allowed access. Individual students and teachers also have a responsibility of protecting devices that they use to access their portals in the school. They need to ensure that these personal computers and tablets are not easily accessible to individuals who may be interested in gaining sensitive personal information about them.
Backup of data is another approach that one can embrace when preparing for an attack. In many cases, the attack may focus on manipulating information in a given database. When the department of finance is the target, these criminals can manipulate financial records in ways that may make the institution make unjustified payments to them. In some cases, it may become impossible to know which students have paid their school feels or which suppliers have been paid for their deliveries. To avoid such problems, the institution should have a secure backup system of data. It is always advised that such a backup database should not be accessible through online platforms most of the time (Coleman & Reeder, 2018). They should only be accessible to local area networks (LAN) for a specific period of making the updates. Such a strategy will minimize the ability of a criminal to access the system remotely.
Creating access control lists and firewalls is another major step that should be taken to limit the vulnerability of the institution from cyber-attacks. The institution should have a list of individuals who are allowed access to specific databases. This requirement makes it easy to trace any possible breach to specific individuals. The list should be updated regularly to ensure that those who have transitioned out of the institution or a specific department are denied access (Chishti & Puschmann, 2018). Such individuals often pose a higher risk of an attack because they have sensitive information that is not beneficial to them. When the list has been defined, it is necessary to have firewalls that will protect the individual user and the institution. Such protections minimize the ability of cybercriminals to have access to sensitive information through a student or staff portal.
Developing policies on data management may also enhance the security of cyberspace of a given institution. Policies on secure deployment, maintenance, and responsible/acceptable use are essential (Kumar, 2020). Individual users must understand that they have a role to play in enhancing the security of the entire system. They have to understand that it is their responsibility to protect devices that they use to access various databases in the school. They have to know that they are expected not to share their personal login details such as usernames and passwords with anyone else. In case they detect or suspect any breach in their official accounts, they have to report the issue to the relevant authority so that an investigation can be conducted. The institution must make it clear that there will be some consequences if it emerged that a student or staff facilitates or is directly involved in any form of cyber-attack targeting any of the departments or stakeholders within the institution.
Avoiding the habit of sharing information is one of the simplest yet highly effective ways of fighting cyber-attacks. Some individuals tend to be too trusting even with strangers. They easily provide their personal emails, usernames, and passwords even when they are not supposed to do so (Hasan, 2017). Such actions leave them vulnerable to possible attacks because these criminals can easily have access to their portals. The management of these institutions should educate their students and all the other stakeholders on the dangers of sharing personal data. They should specifically be warned against pop-up prompts that require them to provide their usernames and passwords even in instances where such actions are unnecessary.
Responding to and Recovering from Threats
When cybercriminals are successful in their attacks, the response approach that the affected institution takes is critical in defining the impact. Regular assessment of the databases and the entire system often helps in ensuring that there is early detection of an attack. When the attack is detected, Zhang (2019) emphasizes the fact that the first step is to stop the attack. If criminals have gained access to a given database, the compromised system should be brought down as soon as possible to minimize the impact. If it is not possible to bring down an entire database, then the data security experts should make an effort of denying the hacker access as they secure the system.
The second step is to identify the intended goal of the hacker. Some may be interested in stealing the data of a specific student or staff. Others may have the goal of manipulating data to achieve specific goals. The majority often target the department of finance with the aim of stealing from them. In case the goal of the hacker was to steal money from the institution, then it might be necessary to involve local law enforcement agencies (Chishti & Puschmann, 2018). Such individuals would need to be subjected to the full force of the law. In case the intention of the attack was to disrupt the normal learning process at the school, then the management will need to take corrective measures.
The third step is to identify the individual or individuals involved in the attack. Hasan (2017) explains that this stage is one of the complex processes when responding to an attack. Some of these cybercriminals may be in a foreign country, using their cyber capabilities to execute their attacks. Others may be part of the institution, but use sophisticated technologies to hide their identity. Where possible, the institution should identify these criminals so that they can take full responsibility for their actions. When an attack involves the loss of finances, it becomes even more critical for these criminals to be traced and identified so that the lost finances can be traced and returned to the institution as they are sent to jail.
The cyber-security team will then have to assess the impact of the attack. They will have to monitor the digital footprint of the criminal, determine the damage that their actions had on the system, and specific departments that were affected. The goal of the assessment is to help the management and the entire institution in taking restorative measures (Zhang, 2019). The damage has to be repaired before the department can resume its normal operation. The recovery process often depends on the magnitude of the impact. Minor attacks may not need any major response and the department may be allowed to continue with its normal activities without any major disruptions. On the other hand, the impact can be so devastating that the department affected may be forced to shut down its operations for a while before it can resume operations.
Learning from the attack is another major step in responding and recovering from an attack. The cyber-security team should conduct a thorough investigation of the incident. One of the major goals of such investigation would be to identify the weaknesses of the system. They should be in a position to explain why the hacker was successful in their attack despite the measures that had been put in place. The team should then find a lasting solution to the identified weakness. The area and magnitude of the attack should also provide information about the vulnerability of the institution. It will become clearer to the data security management team-specific departments which are more vulnerable to attacks and the possible outcomes of such threats. The information gathered from such an investigation will be critical in future planning.
Overview of Implementation Tools
Managing cyber-security threats in educational institutions require close coordination of different systems to achieve the desired outcome. As explained above, these institutions need to be proactive instead of being reactive. Even if they have not come under an immense attack, the management should acknowledge the fact that an attack may occur at any time and it may have devastating consequences. Putting in place measures that can help prevent the occurrence or mitigate the consequences may be of great help. Understanding tools and elements needed in managing these threats is critical.
People
When defining elements needed for the implementation of security policies, the staff must be given priority. Stakeholders in this organization play a critical role in enhancing the safety of the system. The teaching and non-teaching staff have an important role in ensuring that they do not provide critical information to third parties who may be interested in stealing from the organization. They should not be directly or indirectly involved in the hacking of the database of the school. Learners also have a role to play in ensuring that they protect the database of this organization. They should protect all the gadgets that they use to access various databases in the school from being accessed by third parties (Zhang, 2019). They should also ensure that they do not provide any assistance to individuals who may be interested in hacking into the database of the school.
The cyber-security staff has the primary role of ensuring that the entire system is safe from any form of attack. They need to update the system with the new and most effective firewalls that limit the ability of cyber criminals to gain access to the database. They should also conduct regular inspection of the system with the aim of identifying potential threat early enough and neutralizing it before they can cause any major impact (Chishti & Puschmann, 2018). The management should provide the resources that the security management team needs to ensure that the system is updated and that the needed software and hardware are purchased to enhance the safety of the system.
Policies
The ability of these educational institutions to manage cyber-security threats also depends on policies that the institutions and the country at large embrace. At the institutional level, the management should enact policies that define how all stakeholders will use data made available to them and responsibilities that they have to embrace. The teaching and non-teaching staff should know databases that they are allowed to access, how and when to share data, and when to report any issues that they believe might be a threat to the institution. Learners should also understand their limits when having access to specific databases. The institutions should define specific punitive measures that will be mated against those who go against these policies. The government should also enact stricter laws that can protect these institutions from any form of attack.
Technology
Technology is an important element when defining how to maintain cyber-security at these institutions. Emerging technologies and tools have played a critical role in enhancing the security of these systems. The data security management team at these institutions may need to go through Information Security Awareness Training (ISAT) to enable them to gain knowledge on how to manage these emerging threats (Hasan, 2017). They will have the ability to detect and neutralize these threats as early as possible. Using Intrusion Detection and Prevention Systems (IDPS) may help in making these early detections to the threat that the facility may face from cybercriminals (Nguyen & Reddi, 2020). Digital audits and forensics have also proven to be effective in identifying emerging threats. These institutions are also expected to use secure payment platforms that limit the ability of criminals to gain access to their financial databases.
Methodology
The previous chapter provided a detailed review of the literature on the topic of discussion. It was possible to identify gaps that exist in this study based on the findings that other scholars have made. In this chapter, the focus is to discuss what other scholars have found out in their investigation. It was evident that most of the books and journal articles that focus on cyber-security threats were based on data collected in Europe and North America. Limited studies have narrowed down to how local educational institutions in the Kingdom of Saudi Arabia are affected by the problem of constant cyber-attacks. It was necessary to assess how these institutions are affected by this problem to find ways of developing local solutions. As such, collecting primary data from local stakeholders in the education sector was essential. This chapter explains how participants (subjects) were identified, sampled, and involved in the process of collecting data. The chapter also explains the instrument used in the process of collecting data, the procedure, and the statistical analysis that was conducted to help in answering the research questions. The chapter ends by explaining the challenges faced and ethical considerations that the researcher observed.
Subjects
The first step was to identify those who were to take part in the data collection process. The researcher had to collect data from stakeholders in the education sector who can explain the cyber-security threats that they have encountered in their normal operations. The researcher classified these participants into three groups. The first group was the administrators responsible for ensuring that these institutions are running smoothly. The second group were the teachers who are currently using cyberspace and other modern technologies to facilitate the learning process. The third group was learners who are currently using information technology to enable them to acquire new knowledge. The researcher selected two institutions of higher learning to facilitate the process of collecting data from these three groups of respondents.
Once the clusters were defined, the next step was to identify a manageable sample from the group. The researchers had a limited time to collect and process data from these individuals. As such, it was not possible to engage the entire population in the study. Stratified sampling was the most effective way of collecting data from the three groups. The researcher sampled 50 participants, which included 20 students, 20 teachers, and 10 administrators. This sample size was considered adequate enough to give a clear picture of the issue under investigation, and small enough to enable researchers to collect and process data within the limited time that was available for the study.
The researchers contacted these participants through their mobile phones. Social media platforms, especially Facebook, WhatsApp, and Twitter also played a major role in facilitating continuous communication with these participants during the period of data collection process. They were informed about the significance of this study and the role that they were expected to play. The researchers answered all the questions and addressed all the concerns that these participants had before they could take part in the investigation. They were also reminded that their participation was voluntary in nature.
Instrumentation
It was necessary to develop an instrument to facilitate the process of collecting data from the sampled participants. Kumar (2019) explains that when collecting data from a sample of respondents, it is always advisable to develop a questionnaire. The instrument helps in harmonizing data collected from the sampled participants. It ensures that every participant is given the same question that can then be used to facilitate the analysis (Politano et al., 2018). It also eliminates cases where a researcher forgets to ask critical questions needed to respond to the main research questions. The questionnaire that was used in this study had three sections.
The first part of the questionnaire focused on the demographical factors of the respondents. First, it helped in determining that each of these respondents has stayed in the country long enough to understand the problem of cyber-attacks at these educational institutions. One can only give an accurate account of an issue if they have had enough time to experience it. Factors such as gender and were captured to help capture any form of bias in the information provided by the respondents. Hasan (2017) believes that the older generation has less interest and knowledge about modern technologies, especially when they have the option of using traditional methods. This claim of bias could be captured by monitoring how respondents falling into that category responded to specific questions.
The second part of the document focused on the experience and academic qualifications of the participants. For administrators, the researchers needed individuals who have been holding the position for at least three years. The same level of experience was expected from each of the lecturers who were included in the study (Mahrool, 2020). It was also necessary to determine the academic qualifications of these lecturers and the administrators to understand the authority they had in explaining some of the challenges they face and solutions that they propose can be effective. For the students, they must have been at these institutions for at least two years. The period was considered enough for them to have encountered the problem and understood its consequences. The last section of the instruments focused on specific issues related to cyber-security threats to educational institutions within the country.
Procedures
The process of collecting data from the sampled participants had to take a specific procedure to achieve the desired goals. It is important to note at this stage that the researchers obtained consent from the two institutions before contacting individual participants. It was through the administrators of these institutions that the researchers were able to get the contact of these participants. Once the participants had been sampled and the instrument prepared, the researcher had to reach out to individual respondents. The goal of this study was explained to them and they were informed of the reason why they were selected. Only those who agreed to be part of this study were engaged in the process of collecting data.
The researchers e-mailed questionnaires to these participants. The email explained how they were expected to respond to the questions. Most of the questions developed were structured in nature to facilitate the statistical analysis needed in this study. It meant that respondents only needed to choose from the list that provided the most appropriate answer to each of the questions that were posted in the document. The researchers made a follow-up with every respondent to remind them that the document had been emailed to them. Participants were informed that upon answering these questions, they were expected to email back the filled questionnaire. The process of collecting primary data took two weeks.
Statistical Analysis
When primary data had been collected from the participant, it had to be processed to help in responding to the research questions. According to Mallette and Duke (2020), one can use qualitative, quantitative, or mixed-method to process primary data. The choice of the method depends on the nature of the questions that have to be answered. In this study, statistical analysis was the most appropriate method of answering questions. The quantitative method used structured question and the participants were instructed to select answers that best responded to each of the questions asked. The quantitative method of data analysis did not provide an explanation as is often the case when conducting a qualitative analysis (Bell, 2018). However, it helps in addressing the fundamental questions of the research. Data obtained from the participants were coded into an excel spreadsheet. The software was then used for the computation and generation of various outputs depending on the nature of the question that had to be answered.
First, it enabled the researchers to determine the level of occurrence of cyber-security threats that educational institutions face in the country. The analysis also revealed the magnitude of the impact of these incidences in the country. It was also possible to determine the level of effectiveness of the common strategies that are currently used in addressing this problem. These were the fundamental issues that had to be assessed when investigating the nature of the problem and its impact on these educational institutions. When addressing the alternative ways that these schools can use to boost their security, the statistical analysis made it possible to identify the popularity of some of the emerging technologies based on the responses from these participants. The information obtained from the statistical analysis was presented in charts and graphs for easy understanding.
Challenges Faced and Ethical Considerations
The process of collecting primary data was affected by some challenges which are worth discussing at this stage of the report. One of the major challenges was the inability to physically interact with the participants because of the COVID-19 restrictions. The government, upon the advisory from the local and international healthcare institutions, has been discouraging physical interaction of people because of the fear of spreading the virus. As such, the physical interview, which was the most preferred approach of collecting primary data, could not be used in this investigation. The researcher had to rely on the online platforms to gather the needed data. Some of the participants who agreed to take part in the investigation failed to do so for personal reasons. They had to be replaced to ensure that data saturation was achieved.
When conducting this study, the researchers were keen on observing ethical considerations. Baron and McNeal (2019) note that it is an ethical requirement to ensure that the identity of participants is protected. Sometimes people may be victimized because they have a divergent idea from that of the majority of the population or those in powerful positions. As such, the researcher ensured that the identity of those who took part in the study remained anonymous. Instead of using their actual names, they were assigned codes, from Participant 1 to Participant 50. The researchers addressed all the issues that these respondents had before they could start answering the questions. As required by the school, this document was written from scratch and all forms of plagiarism were avoided. Information obtained from secondary sources was referenced accordingly using American Psychological Association (APA) seventh edition style. The researchers also ensured that the document was handed in within the time provided by the school.
Results
The previous chapter provided a detailed explanation of the method that was used to collect and analyze primary data that was used in this study. In this chapter, the focus is to provide a statistical analysis of the data that was collected from various sources. As explained in the previous chapter, the analysis of primary data took the quantitative approach to assess the magnitude and frequency of the problem.
Results of Statistical Testing
When conducting the analysis, the researchers’ focus was to respond to the research objectives. The objectives were converted into research questions and data obtained from the participants used to answer them. After conducting the analysis, results were presented in column and bar charts as shown below.
- What is the nature, magnitude, and frequency of cyber-attacks that target educational institutions in the country?
It was important to assess the nature of these attacks on educational institutions. Respondents were asked to identify the most common attacks, especially those that they have experienced in their different departments. Each respondent was instructed to identify one threat that they feel is the most common based on their experience. As shown in figure 4.1 below, it was evident malware attack is the most common cyber-attack at these institutions. It affected all the stakeholders irrespective of their department. Phishing was the second-most common form of cyber-attack at these organizations. The respondents identified unsecured personal devices as another common problem. Denial of service (D-o-s) and camfecting were the other challenges that these respondents identified.
When reviewing the literature, it was noted that cyber-security threats have become highly devastating to educational institutions around the world. It was necessary to determine, from data collected from the participants, the nature of the impact of this problem. As shown in figure 4.2 below, 38% of the respondents (19 out of 50) stated that cyber-attacks have a highly devastating impact. Another 52% of the respondents (26 out of 50) stated that the impact is devastating, while 4% believe that it is somehow devastating. It means that an overwhelming majority (94%) of the participants believe that cyber-attacks have a devastating impact on the normal operations of these educational institutions. Only 2% of the respondents felt that the problem has little impact on the normal operations of these firms. The other 4% stated that they are not sure about the magnitude of the impact.
The researchers were interested in determining the frequency of cyber-attacks at the selected educational institutions within the country. It was observed that stakeholders from different departments experienced these attacks at different frequencies depending on their departments. 50% of the respondents stated that these attacks are highly frequent. Another 44% stated that the attacks are frequent. It means that an overwhelming majority of the participants (94%) believe that these attacks are frequent at the selected institutions. Another 4% stated that these attacks are less frequent, while 1% of these participants stated that these attacks are rare. The outcome of the analysis is shown in figure 4.3 below.
- Which departments are more vulnerable to cyber-attacks in these institutions?
The vulnerability to cyber-attacks varies depending on the department that has been attacked. As shown in figure 4.4 below, the finance department is the most vulnerable unit at these institutions as these cybercriminals try to steal money. 50% of those interviewed identified this as the most vulnerable department. The administration department was another unit that is prone to attacks. Such attacks, when successful, may cripple the normal running of these institutions. The research and extension department was also vulnerable as the criminals often target new ideas and intellectual property. Other major vulnerable departments that were identified include online learning, academic department, and students’ portals.
- What is the impact of cyber-attacks on the normal operations and success of learning institutions in the country?
The researchers were interested in determining how these institutions are specifically impacted by these cyber-attacks. The biggest impact of these attacks, as shown in figure 4.5 below, is the loss of financial resources. As determined from the previous analysis, most of these cybercriminals are often targeting the finance departments of these organizations. There is also the massive disruption of learning when they attack digital instruments that are meant to facilitate the normal learning process. Personalized attacks on students, the teaching staff, and the non-academic staff may also disrupt the learning environment. Loss of intellectual property is another issue that the institutions face when attacked. Some of the respondents felt that when there are such attacks, there would be poor coordination of activities, especially when the communication system is compromised.
Interpretations of Statistical Results
The statistical results above show that learning institutions in the country may have to redefine their approach to cyber-security attacks to ensure that they remain safe. Learning institutions around the world are moving from analogue to digital data management systems. They are using emerging technologies to manage data and to facilitate the learning process despite the ever-increasing threat of cyber-attack (Nguyen & Reddi, 2020). It is upon individual institutions to find ways of managing such attacks. The first step of managing these attacks is to identify their nature. The statistical analysis above has identified denial of service, phishing, malware attack, and camfecting as some of the most common forms of cyber-attack. The cyber-security team has to identify the aim of each form of attack and the potential victims. When these factors are defined, it is possible to develop a response mechanism that protects the system, departments, and individuals who are vulnerable to these attacks.
The statistical analysis has demonstrated that these attacks are becoming increasingly and the impact more devastating. Most of these criminals target the finance department because of their intention of stealing from these institutions. Some of them are also focused on disrupting the learning process. As such, they target the communication system and limit the ability of lecturers to access, process, and share information with their students. Others often target individuals for different reasons and with varying impacts. These institutions have lost resources and intellectual property to cybercriminals. Individual students, teachers, and administrators have been subjects to online bullying and harassment from these criminals (Kumar, 2020). It is the responsibility of the management to ensure that the entire digital data system is protected from any form of attack.
Discussion
The previous chapter focused on the analysis of primary data that was obtained from the sampled respondents. It was important in addressing the knowledge gaps that were identified in the literature review. In this chapter, the focus is to discuss the findings made from both primary and secondary data sources. The chapter focuses on discussing how the objectives of the study were met. It helps to understand the nature, magnitude, and frequency of cyber-security threats to local learning institutions. It also identifies the most vulnerable entities and the level of devastation of such attacks.
Assessing the Nature, Magnitude, and Frequency of Cyber-Attacks
When conducting the analysis to determine the nature of cyber-attacks, it was evident that these criminals often have varying intentions when they are attacking these institutions. The chapter above has identified various forms of attack that may affect these institutions. Financial gain is the most common driving factor that motivates these criminals to target these institutions. They want to steal from them, and it explains why the finance department is the most vulnerable unit. Others have the goal of blackmailing or harassing their targets into doing something that they would otherwise avoid. Some of these criminals have the intention of disrupting the normal learning process, an attack that may not benefit them in any way.
When assessing the magnitude of this problem, it was evident that the problem has become so common that stakeholders in the education sector can no longer ignore it. The analysis of primary data shows that all the respondents who participated in this study have experienced one or more forms of cyber-attacks. The analysis shows that the majority of the victims do not realize that they are under attack. Nguyen and Reddi (2020) observe that these criminals use sophisticated tools to execute their attack and in most cases their victims do not even realize that they are under an attack. When the crime involves data theft without any manipulation or blackmail, it easily goes undetected. It means that the problem could be worse than local stakeholders in the education sector believe it is. More effective tools and instruments are needed to facilitate the detection and neutralization of such attacks.
Detecting the frequency of cyber-attack may be complex based on the information obtained from participants. Most of these attacks go undetected because of the weak detection system that these institutions use. Rains (2020) explains that local learning institutions rely on firewall meant to protect the digital data management system from coming under an attack. Most of them lack an effective system that can record attempted attacks and those that were successful, the goal of the attack, and the potential impact. They use a reactionary approach of managing the problem where they wait for the effect to be felt before they can develop a mitigation plan.
Departments Which Are More Vulnerable to Attacks in These Institutions
The review of the literature indicated that all departments in learning institutions are vulnerable to cyber-attacks though the frequency and magnitude of these attacks vary. Like any other crime, this form of attack often has financial motives. These criminals often aim at stealing from these schools, which explains why the finance department is the most vulnerable unit. When they cannot steal money directly from the firm, then these cybercriminals would target important information that they can sell to third parties or use to blackmail individuals to pay them. When they steal intellectual properties from these institutions from the research and extension department, they often aim at selling them to willing buyers.
The analysis shows that the goal of some of these criminals is to blackmail their targets into paying them. According to Nguyen and Reddi (2020), some cybercriminals have perfected the act of blackmailing and threatening their victims into submission. They obtain sensitive information that they know they can use against their targets in ways that can compromise their job, academic progress, or ruin their reputation. They then use the information to force them to make payments into specific accounts or risk the information being exposed. The majority of these victims are often intimidated into making these payments because of the fear of the possible consequences of the exposure. Students’ portal, the administration department, and online learning departments are often targeted for such personalized information used in the blackmail.
Impact of Cyber-Attacks on Normal Operations and Success of Learning Institutions
The analysis of primary data and the review of the literature has demonstrated that the success of learning institutions is compromised by constant cyber-attacks that these institutions go through on a regular basis. As Rains (2020) argues, institutions all over the world, irrespective of their sizes, are transiting or have already transited fully from the analogue to the digital data management system. It is not possible for these institutions to roll back the progress that has been made in the technology sector by going back to the analogue system of data management. As such, they are forced to embrace the new system of managing their data. However, local learning institutions are yet to master effective methods of managing cyber-attacks, which are becoming more common and highly sophisticated. The loss of financial resources affects the ability of these institutions to undertake major developmental and operational activities.
The success of these learning institutions, especially colleges and universities where they are expected to engage in regular research in different fields, depends on close coordination of different stakeholders. Digital data platform provides a perfect avenue where these stakeholders can share their views based on findings that they have made. The problem is that when such platforms are invaded by cybercriminals, they become highly compromised depending on the intention of the attacker. These criminals can paralyze such research projects with ease if they are not effectively countered (Chishti & Puschmann, 2018). They also have the ability to disrupt the normal learning process, especially among students learning in the online platform. Blackmailing those in positions of power can have a devastating impact on the progress of the firm. When an administrator is blackmailed into doing what these criminals want, the institution may lose its integrity. Cases where unqualified individuals are hired or critical data is leaked may become common, which in turn, would lead to reduced performance of these institutions.
Summary of Finding
Findings made from the review of the literature and the analysis of primary data show that cyber-attack is a major threat to the success and normal operations of educational institutions. The primary data show that local learning institutions have made the shift from the analogue to the digital data management system. It also shows that most of these institutions are embracing online learning as a way of cutting the cost of operation, making higher education more accessible, and abiding by COVID-19 containment measures without disrupting the educational calendar. However, these impressive steps have been significantly affected by the continued cyber-attacks that these institutions face. The analysis show that although these institutions made a rapid shift from the analogue to digital platforms, they were not ready to deal with the threat associated with the new system. The attack has led to loss of finances for these institutions, loss of intellectual property, cases of blackmail, and other forms of online harassment.
Conclusion
The government of Saudi Arabia has made a significant investment in local learning institutions to ensure that they can meet international standards and play a major role in the economic development of the country through research. These institutions have received the necessary infrastructure to ensure that they can shift from analogue to digital data management systems. Although the shift has been relatively successful, the process has been affected by regular cyber-attacks by local and international cybercriminals. The impact of these attacks varies depending on their magnitude, the intention, and the individual or department that is attacked. The success of these institutions is highly compromised by these attacks. As such, it is necessary for stakeholders to find ways of addressing this problem. The researcher proposes different ways of addressing this problem.
One of the proposals made is that every institution in the country should have internal policies meant to minimize the capabilities of cybercriminals. Such policies should define punitive measures that one goes through if an investigation reveals that they aided or abetted an online attack at the institution. Harsh punishment against such culprits will discourage any temptation that internal stakeholders such as employees, students, and administrators may have. It will instill discipline among stakeholders.
The information obtained from both primary and secondary data sources also suggests strongly that the management of these institutions need to invest in emerging technologies meant to protect their databases. The only way that these institutions can combat highly sophisticated cyber-attacks is by embracing advanced technologies. They need to ensure that their systems are updated with the most-modern firewalls and other technologies meant to ensure that unauthorized parties do not have access to the firm’s database.
The review of the literature emphasized the significance of these institutions to work closely with cyber-security experts to help in monitoring and managing the threats. Most of these institutions have their IT departments meant to monitor and address these threats. However, it is apparent that these internal institutions lack the capacity to manage the sophistication of these attacks. As such, these schools are advised to work closely with external experts to help them in protecting the security and integrity of their databases.
The government also has a major role to play in dealing with these threats affecting learning institutions in the country. It is advised that the government should enact strict policies that can ensure that cybercriminals are severely punished to discourage such practices. Strict policies that spell out jail term for convicted criminals may discourage such practices. People will realize that using cyber knowledge for selfish gains at the expense of others is a punishable crime. The government should also increase financial allocations of educational institutions to enable them to fight cybercrime effectively. The analysis revealed that most of these institutions are struggling to finance their IT departments.
References
Adel, E.,.Elsawy, M., & Ahmed, S. (2019). E-Learning using the Blackboard system in light of the quality of education and cyber security. International Journal of Current Engineering and Technology, 9(1), 49-54.
Aliyu, A., Maglaras. L., He, Y., Yevseyeva, I., Boiten, E., Cook, A., & Janicke, H. (2020). A holistic cybersecurity maturity assessment framework for higher education institutions in the United Kingdom. Applied Sciences, 10(1), 1-15.
Al-Janabi, S., & Al-Shourbaji, I. (2016). A study of cyber security awareness in educational environment in the Middle East. Journal of Information & Knowledge Management, 15(1), 1-27.
Baron, A., & McNeal, K. (Eds.). (2019). Case study methodology in higher education. Information Science Reference.
Bell, E. (2018). Business research methods. Oxford University Press.
Berman, D. S., Buczak, A. L., Chavis, J. S., & Corbett, C. L. (2019). A survey of deep learning methods for cyber security. Information, 10(4), 122.
Carlton, M., Levy, Y., & Ramim, M. (2019). Mitigating cyber-attacks through the measurement of non-IT professionals’ cyber-security skills. Information & Computer Security, 27(1), 101-121.
Chishti, S., & Puschmann, T. (2018). The wealth-tech book: The fintech handbook for investors, entrepreneurs and finance visionaries. John Wiley & Sons.
Christiansen, B., & Piekarz, A. (2019). Global cyber security labor shortage and international business risk. IGI Global.
Coleman, C. D., & Reeder, E. (2018). Three reasons for improving cyber-security instruction and practice in schools. SITE, 26(30), 1020-1024.
Erendor, M., & Öztarsu, F. (Eds.). (2020). Contemporary issues in international relations: Problems of the international community. Cambridge Scholars Publishing.
Ferrag, M. A., Maglaras, L., Moschoyiannis, S., & Janicke, H. (2020). Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications, 50(1), 5-11.
Grieco, J. M., Ikenberry, G. J., & Mastanduno, M. (2019). Introduction to international relations: Perspectives, connections, and enduring questions. Macmillan International Higher Education.
Hasan, R. (2017). Protect a university website from the different types of outside attacks. Journal of Advanced Computing and Communication Technologies. 5(4), 109-114.
Kara, H. (2020). Creative research methods: A practical guide. Policy Press.
Kumar, R. (2019). Research methodology: A step-by-step guide for beginners. SAGE.
Kumar, U. (2020). National security strategy: Securing India internally and externally, with solutions of previous year questions. Team ARSu.
Levy, Y., Ramim, M., & Hackney, R. (2013). Assessing ethical severity of e-learning systems security attacks. Journal of Computer Information Systems, 53(3), 75-84.
Mahrool, F. (2020). Research methodology, a guide for a literature review: A short description. München GRIN Verlag.
Mallette, M., & Duke, N. (2020). Literacy research methodologies. Guilford.
Muniandy, L., Muniandy, B., & Samsudin, Z. (2017). Cyber security behaviour among higher education students in Malaysia. Journal of Information Assurance & Cyber security, 7(1), 1-12.
Nguyen, T., & Reddi, V. (2020). Deep reinforcement learning for cyber security. Cryptography and Security, 3(1), 1-11.
Pawlowski, D., & Jung, Y. (2015). Social representations of cybersecurity by university students and implications for instructional design. Journal of Information Systems Education, 26(4), 281-291.
Politano, M., Walton, R., & Parrish, A. (2018). Statistics and research methodology: A gentle conversation. Hang Time Publishing Limited.
Rains, T. (2020). Cybersecurity threats, malware trends, and strategies: Learn to mitigate exploits, malware, phishing, and other social engineering attacks. Packt Publishing Ltd.
Rajesh, M. (2017). A systematic review of cloud security challenges in higher education. The Online Journal of Distance Education and e-Learning, 5(4), 1-9.
Tallón-Ballesteros, A. J. & Chen, C. H. (Eds.). (2020). Machine learning and artificial intelligence: Proceedings of MLIS 2020. IOS Press.
Williams, P., & McDonald, M. (Eds.). (2018). Security studies: An introduction. Taylor & Francis.
Zhang, P. (Ed.). (2019). Role of block-chain technology in IOT applications. Elsevier.
Appendix: Questionnaire
Part A: Demographical Background
- Kindly select your age group
- 18-24 Years
- 25-36 Years
- 37-44 Years
- 45-60 Years
- Over 60 Yes
- What is your nationality?
- Saudi National
- Non-Saudi National
- How long have you been staying in Saudi Arabia? (For non-Saudi nationals only)
- Less than 2 years
- 2-4 Years
- 5-7 Years
- 8-10 Years
- Over 10 Years
Part B: Experience and Educational Background
- What is your highest academic qualification?
- High school
- Diploma
- Degree
- Master
- Doctorate
- Which department do you belong at this institution?
- Finance
- Administration
- Online Learning
- Research and Extension
- Student
- Other (Specify)
- How long have you been in the department stated in question 2 above?
- Less than 1 Year
- 1-2 Years
- 3-4 Years
- 5-7 Years
- Over 7 Years
Part C: Cyber Security Threats to Educational Institutions
- What is the nature of cyber-security threats that you frequently experience? (State only one)
- What is the magnitude of cyber-security threat that your institution often experience?
- What is the frequency of the cyber-security threats that the institution faces?
- Which departments are most vulnerable to cyber-attacks in these institutions?
- What is the impact of cyber-attacks on the normal operations and success of learning institutions in the country?
- How can your institution manage the cyber-security threats that it faces in its operations?
- How can the government help in addressing the cyber-security threats