Cyber-Security Culture Assessment in Academia: A COVID-19 Study: Applying a Cyber-Security Culture Framework to assess the Academia's resilience and readiness

Abstract

Times of crisis have long been combined with an increase in cybercrime, exploiting the general instability; therefore, in such times, systems and infrastructures face greater exposure to vulnerabilities. On top of that, the COVID-19 crisis has increased our reliance on the internet, while working-from-home has been the daily reality for a large proportion of the population worldwide. Increased cyber-security awareness becomes a necessity for everyone, starting from a more knowledgeable audience; IT professionals, and software engineers. In this context, this paper aims to assess the cyber-security culture readiness of representatives studying or working within a European Polytechnique Academic Institution, during the COVID-19 crisis. Towards that end, a targeted evaluation campaign was launched for two weeks, from 28th February 2022 to 13th March 2022. The campaign consisted of four questionnaires of increased difficulty and a phishing quiz, all assessing the security culture of the participants against three dimensions; their security attitude, their competency, and their actual behavior. The campaign results have been thoroughly analyzed, and the findings were unforeseen in many cases, supporting the identification of security awareness weaknesses and assisting in drafting targeted, customized training programs.