CYBER SECURITY AWARENESS AND EDUCATION AMONG HIGH SCHOOL, COLLEGE, AND UNIVERSITY STUDENTS IN BELARUS

CYBER SECURITY AWARENESS AND EDUCATION AMONG HIGH SCHOOL, COLLEGE, AND UNIVERSITY STUDENTS IN BELARUS

Victoria Panassevitch

independent researcher,

Belarus, Minsk

ABSTRACT

In the last decade, Belarus has been in the top of cyber-insecure countries in Europe. Since a cyber security course is unavailable at high schools and colleges, the initiative to learn more about the topic and its practical aspects is down to young Belarusians. This research investigated the rate of the most widespread cyber attacks in the country and the aptitude of national educational institutions to adopt a cyber security course. The cyber security awareness and knowledge of cyber attack elimination techniques of 110 Belarusian high school, college, and university students were assessed through an online survey. Despite above-average proficiency in device usage and upper-intermediate-level expectations of their cyber security knowledge, younger students happened to have weak cyber security awareness while the older participants demonstrated average-level awareness. Key findings of diverse reports about cyber security programs’ implementations at educational institutions across the globe were recommended to be addressed during the development of cost-effective cyber security courses for Belarusian students.

Keywords: cyber security, educational institutions, cyber attacks, cyber security course.

1. Introduction

With an internet penetration rate of 85.1% of the total population [5], Belarus now has the second highest level of cybercrime exposure in Europe [2]. The rising generation of Belarusians, high school, college, and university students, is most exposed to internet technologies. With the onset of the COVID-19 pandemic, malicious actors have taken advantage of the increased presence of youth and adults in cyberspace. Phishing campaigns and malware distribution through seemingly genuine websites or documents providing information or advice on COVID-19 are used to infect computers and extract user credentials [11]. Young adults, with their innate curiosity to keep abreast of the global news are vulnerable as never before.

2. Vulnerability to Cyber Attacks

In 2020, Belarus enabled 97.7% of the young generation to access the internet [7]. While many students make good use of the opportunities published on the internet, the encounter of threats in cyberspace may disrupt this positive experience.

2.1 National Cyber Threat Assessment

In recent years, Belarus was ranked the third most cyber-insecure country in Europe [9]. In December 2017, 34.9% of computers in Belarus encountered malware, compared to the December 2017 worldwide encounter rate of 18.3%. At the beginning of 2020, Belarus had the most malware encounters in Europe, with 10.17% of machines facing this type of cyber attack every month on average. Moreover, 0.06% of machines encountered ransomware, which made Belarus the second most vulnerable country to that cyber threat [9].

2.2 Cyber Security Behavior

Generation Z is prone to oversharing personal information on social networks. The imprudent behavior of youth on the internet can stem from some personal traits, sometimes influenced by culture and nationality. As determined by Belarusians themselves, one of the most prominent personal traits of Belarusians are benevolence, hospitality, sympathy, honesty, and kindness [9]. One implication of the national character is that children raised according to the aforementioned values are more likely to exhibit them in cyberspace. Thus, cyber security awareness and cyber security skills need to be massively taught and practiced to ensure that young Belarusians do not become victims of social engineering cyber attacks due to innate openness and other personal characteristics.

3. Cyber Security Education: Potential of Belarus

The objective of cyber security education is to educate the users of technology on the potential risks they face when using internet communication tools, such as social media, chat, online gaming, email, and instant messaging [8]. The concept of cyber security is briefly mentioned in the national curriculum designed by the Ministry of Education for the Information Technologies class for tenth grade students [6]. Nevertheless, state-approved textbooks for tenth and eleventh grade students do not include information on current cyber threats and practical instructions for students to secure their private information and identify malicious websites.

3.1 Investment in Education and Internet Access

The government’s expenditure on education in 2020 was 4.95% of Belarus’s GDP [1], which has slightly declined from 5.38% of the GDP in 2018. The investment is at a level similar to that of neighboring developed European countries; thus, the government has the financial opportunity to implement cyber security classes or programs in educational institutions.

According to the sample household living standards survey of the Information Society in the Republic of Belarus, the sixteen to twenty-four-year-old group had the highest level of access to the internet, which was 97.7% of the sample aged six to seventy-two [7].

In the 2020–2021 academic year, the number of institutions with computer classrooms and internet access was 91% and 99.4% of total general secondary institutions. On average, an institution used twenty-six personal computers for educational purposes, which is fourteen students per personal computer [7]. Although access to personal computers is not very high, it is enough to cultivate cyber security hygiene and conduct practical training on how to eliminate cyber threats in educational institutions.

4. Methodology

The survey consisted of a total of eighteen questions in Russian, three of which were targeted at those who experienced a cyber attack. The questionnaire was designed to first allow the participants to evaluate their computer skills and cyber security hygiene, and then test their knowledge of specific threats in cyberspace. This strategy was implemented to reveal the level of cyber security awareness through the comparison of the youngsters’ expectations of their cyber security knowledge to their real proficiency in dealing with the most widespread information security issues.

The Google* Forms questionnaire was distributed through public groups with the target audience on Telegram. The participants were eligible for the survey if they met the following criteria: (1) they were citizens or legal residents of Belarus; (2) they were enrolled in a Belarusian upper-secondary or higher education institution. Students were expected to be aged between sixteen and twenty-four years old. Participants were informed that the survey was anonymous and that underage students needed permission from their legal guardians to participate.

The sample of 110 participants was divided into three subgroups by education level and with regard to students’ age (see table 1). In subgroup 1, there are high school and college first- or second-year students of sixteen to eighteen years old. Similarly, subgroup 2 includes third or fourth-year college students and first or second-year university students. Subgroup 3 consists of only university students in their third or fourth year of bachelor’s studies. The division was performed in order to detect the differences in the levels of cyber security awareness and education among students with different educational backgrounds.

Table 1.

The sample’s distribution by education level

5. Data Analysis

5.2 Self-Assessment

Firstly, students were asked to identify their level of proficiency in the use of technological devices. As demonstrated in figure 1, more than half of subgroup 1 indicated an above-average level of device proficiency, the majority of subgroup 2 chose above-average and average levels, and responses with an advanced device proficiency level dominated in subgroup 3. The statistics prove that Belarusian students’ technical skills improve with education level and age. However, most high school students have already achieved mastery of their devices.

Figure 1. Students’ device proficiency level across three subgroups

Secondly, participants rated their knowledge and skills on the topic of cyber security threats. On a scale from one, the lowest, to five, the highest, the mean score of subgroup 1 turned out to be surprisingly high - 3.88 (see figure 2). Compared to the second subgroup’s mean score of 3.18 and a score of 4.05 of the third subgroup, the first subgroup considered themselves to have cyber security knowledge similar to the level of participants pursuing their last years of undergraduate studies.

Figure 2. Study participants’ self-assessment of cyber security

Thirdly, the dichotomous questions in this section were targeted to determine whether students take action on protecting their personal data and are able to tell that their device is infected. Pearson's chi-square test of independence with a threshold of p-value set at 0.05 was performed to analyze the relationship between the answers and the subgroups. As shown in table 2, the chi-square statistic for the first question was 6.25, which was greater than the critical value of 5.99 for two degrees of freedom. Observed results demonstrated that the decision to use protection measures against cyber attacks depends on education level. Unexpectedly, only 36.36% of subgroup 2 confirmed that they use data protection measures. This percentage was significantly lower compared to other subgroups. This inconsistency may be due to the difference in age or a small sample size. As for the second question, the chi-square test concluded that there was no relationship between the knowledge of methods to identify an infected device and education level.

Table 2.

Survey participants’ data security skills and knowledge

5.3 Cyber Security Awareness and Knowledge

The sources that initiated young people’s cyber security awareness are presented in figure 3. The option of self-education prevailed in subgroups 1 and 2. What stands out is that 57.14% of subgroup 3 indicated their current or previous educational institution as a primary source of cyber security information. Given that subgroup 3 consists of junior and senior undergraduate students, it can be inferred that most of them became familiar with cyber security practices at university, and some could have majored in a computer science-related discipline.

Figure 3. Students’ sources of cyber security information. The data represents the answers to the multiple-choice survey question “How did you learn about cyber security?”

With a view to detect the types of cyber attacks Belarusian generation Z faces the most, students were inquired about their cyber security attack experiences.

Figure 4. Cyber attack encounter. The data represents the answers to the question: “Have you ever been a victim of a cyber attack?”

In all three subgroups, more than half of the participants have been subjected to a cyber attack in their lifetime (see figure 4). In subgroup 1, 52.56% of all students confirmed that they faced a cyber attack at least once. In subgroups 2 and 3, 63.64% and 80.95% of the adolescents, respectively, became victims of a cyber attack. The number of the affected students increases and the number of the unaffected decreases relatively at the same rate throughout the subgroups. To identify specific cyber threats, two additional short-response questions appeared for sixty-five respondents who answered positively to the aforementioned item. The following attacks dominated: social media account hacking and password theft, mostly on Instagram (a social network banned on the territory of the Russian Federation, as a product of the Meta organization, recognized as extremist - ed.), video game password theft, download of viruses, Trojans specifically, along with video game software such as Brawl Stars and Minecraft. The second additional question revealed that the most frequent measures students took to get rid of cyber attacks were password change, anti-virus installation, assistance of friends or an app's technical support team. All in all, the victims either employed simple security practices or asked more knowledgeable people to help them.

Based on the research of the most widespread cyber attacks in Belarus and worldwide, the sample’s knowledge was tested on the following cyber threats: phishing, adware, malware, and ransomware.

As displayed in table 2, the sample had the most knowledge of phishing and malware. It was highlighted previously that malware had a high number of encounters in the country and among the younger generation, so extensive awareness of this cyber security attack was expected. What is striking is that students had little knowledge of adware and ransomware in particular. Moreover, 7.69% of subgroup 1 and 18.18% of subgroup 2 hadn’t heard about the concept of adware prior to the survey. Similarly, 5.13% of subgroup 1 and 18.18% of subgroup 2 were unaware of ransomware, which is overly widespread in Belarus compared to other countries in the area [8].

A critical value of 9.49 was used to interpret the results of the chi-squared test presented in table 3. It has been found that awareness and knowledge of phishing, malware, and ransomware depends on education level. Nevertheless, it is not the case for the students’ awareness of ransomware.

Table 3.

Study participants’ cyber attack awareness across three subgroups

The comparison of the results of self-assessment and rates of awareness of four cyber attack types was performed in figure 5. The comparison revealed that students in subgroup 1 were overly confident when evaluating their cyber security knowledge, falling 1.35 points lower than anticipated. Members of subgroup 3 also overestimated their knowledge by 1.01 points. Surprisingly, students in subgroup 2 underestimated their cyber security skills and scored 0.34 points better than expected. For all subgroups combined, the mean cyber security awareness level deduced from table 2 resulted in 3.03 points, with an expected mean score of 3.70.

Figure 5. Comparison of expected and observed levels of cyber security awareness on a five-point scale. The mean of percentages demonstrated in table 2 was calculated for three subgroups and converted into a five-point system

5.4 Cyber Security Training

The last section of the survey aimed to identify the interest of the target audience in receiving cyber security education in educational institutions. In response to the first question "Would you like a cyber security course to be taught at educational institutions?” 66.36% of the sample answered positively. These seventy-three participants were asked to choose if a physical cyber security class or an online course would be most comfortable for them. Most students, 57.53%, or forty-two young adults, choose the option of an online course. This relatively equal split in half demonstrates that Belarusian students are flexible in terms of the format a new cyber security course can take.

6. Recommendations

The findings discussed in this section can be incorporated into educational programs in offline and online formats and are applicable to high schools and colleges.

Researchers from Tallinn University of Technology employed an Analyze, Describe, Develop, Implement, and Evaluate model to develop an interactive online cyber security course [4]. They utilized Moodle as the main platform for storing class recordings and additional useful information. During the online lectures, a Wooclap platform was used to engage all students to respond to questions. Both of the platforms are free and have proved to be efficient in research. The course’s content covered the following topics: general concepts of phone security, security of unknown links, backups, password security, unattended devices, antivirus applications, and phishing attacks.

Since 2020, awareness of cyber security risk among high school students has been investigated in several European Union countries. Findings of the survey inquiring about the specific topics for cyber security courses showed that European high school students were most interested in learning about cyber security in social networks. Topics such as distinguishing fake online content, downloading files safely, setting stronger passwords were also in high demand. Following e-learning trends, this research tested three serious video games on high school students to consider their effectiveness of training cyber security skills. The Target Attack adventure game that challenges players to fight data breach received the highest satisfaction rating and topics addressed by the game were understood at an average level [3].

7. Conclusion

In recent years, the rate of cyber attacks on the territory of Belarus has been fluctuating within the highest range recorded in continental Europe. The survey’s participants overestimated their cyber security knowledge, however college students in their last years of study and undergraduate freshmen and sophomores became the exception. The survey’s analysis as well as discussion of tested cyber security courses identified the following topics for further integration into Belarusian cyber security courses: security of social networks and unknown links, strong passwords, backup and anti-virus applications. The implementation of cyber security courses at Belarusian educational institutions will not only boost national cyber security. Most importantly, youth will know how to make cyberspace a safe learning environment for themselves and their community.

*(At the request of Roskomnadzor, we inform you that a foreign person who owns Google information resources is a violator of the legislation of the Russian Federation - ed. note)

References:

1. Countryeconomy.com. "Belarus - Government Education Expenditure 2020." Countryeconomy.com. Accessed August 28, 2022. https://countryeconomy.com/government/expenditure/education/belarus.
2. Frisby, Joshua. “Cybersecurity Exposure Index (CEI) 2020.” PasswordManagers.co. June 2, 2020. https://passwordmanagers.co/cyber security-exposure-index/.
3. Jerman Blažič, Borka, and Andrej Jerman Blažič. “Cybersecurity Skills among European High-School Students: A New Approach in the Design of Sustainable Educational Development in Cybersecurity.” Sustainability 14, no. 8 (April 15, 2022): 4763. https://doi.org/10.3390/su14084763.
4. Karimnia, Rooya, Kaie Maennel, and Mahtab Shahin. “Culturally-Sensitive Cybersecurity Awareness Program Design for Iranian High-School Students.” Proceedings of the 8th International Conference on Information Systems Security and Privacy, (2020): 121-32. https://www.scitepress.org/Link.aspx?doi=10.5220/0010824800003120#.
5. Kemp, Simon. “Digital 2022: Belarus.” DataReportal. February 15, 2022. https://datareportal.com/reports/digital-2022-belarus.
6. Ministry of Education of the Republic of Belarus. Учебная Программа по Учебному Предмету «Информатика» для Х Класcа Учреждений Образования, Реализующих Образовательные Программы Общего Среднего Образования с Русским Языком Обучения и Воспитания (Базовый Уровень) [Curriculum on the Subject “Computer Science” for the X Class of Educational Institutions Implementing Educational Programs of General Secondary Education with the Russian Language of Instruction and Education (Basic Level)]. Decree 140. Minsk, 2020. Accessed August 21, 2022. https://adu.by/images/2020/08/up-Informatika-X-kl_bazavi_uroven_rus.docx.
7. National Statistical Committee of the Republic of Belarus. Information Society in the Republic of Belarus. Minsk: IVC, 2021. https://www.belstat.gov.by/ofitsialnaya-statistika/publications/izdania/public_compilation/index_39954/.
8. Rahman, N. A. A, I. H. Sairi, N. A. M. Zizi, and F. Khalid. "The Importance of Cybersecurity Education in School." International Journal of Information and Education Technology 10, no. 5 (May 2020): 378-82. http://dx.doi.org/10.18178/ijiet.2020.10.5.1393.
9. Specops Software. “The European Countries Most at Risk of Cyber-Crime.” Specops Software. February 19, 2020. https://specopssoft.com/blog/european-countries-cyber-crime/.
10. Starichyonok, Valentin. “Value Priorities of Belarusians: Focusing on Peace and Welfare." The Belarusian Institute of Strategic Research. February 17, 2022. https://bisr.gov.by/en/mneniya/value-priorities-belarusians-focusing-peace-and-welfare.
11. The Council of Europe. “Cybercrime and COVID-19.” Council of Europe. May 26, 2020. https://www.coe.int/en/web/cybercrime/news/-/asset_publisher/S73WWxscOuZ5/content/cybercrime-and-covid-19?inheritRedirect=false.