A survey on college students’ cybersecurity awareness and education from the perspective of China

Year 2023, Volume: 11 Issue: 3 - September 2023, 351 - 367, 02.10.2023

Hongbo GUO Hasan TINMAZ

https://doi.org/10.17478/jegys.1323423

Abstract

As people increasingly rely on information and communication technology (ICT), a variety of cyber security issues are emerging, making improving cyber security awareness (CSA) an important topic. This quantitative study focuses on a group of college students from eight local public universities in China (n=1710) and aims to investigate their CSA and education levels using a 32-question questionnaire. Descriptive statistics and cross analysis were used to analyze the current situation related to cybersecurity in college. The results showed that nearly 50% of students spend more than four hours online, with female students spending more online time than males. Smartphones are currently the most popular devices, and spam is the most common issue they encounter. Descriptive statistics, independent samples t-test, and One-way ANOVA test were used to analyze the levels of CSA and education. For CSA, all students are still weak in their password practices. Male students have higher CSA levels in usage habit related to device and HTTP use, but female students perform better in social media. Majors do not make a significant difference in CSA, and freshmen perform better than juniors in device and HTTP application. Regarding cybersecurity education, almost all students believe that colleges need to strengthen information security education. Male students are more familiar with cybersecurity laws, and there are differences in the education methods chosen by students in different majors. Students majoring in computer-related fields prefer more specialized knowledge. This study not only provides valuable insights into the prevailing state of CSA among college students but also offers effective recommendations for enhancing cybersecurity education practices in colleges. The findings underscore the importance of addressing weaknesses in password practices and emphasize the need for comprehensive educational approaches that encompass various facets of cybersecurity. Institutions should consider tailoring their instructional strategies to meet the unique needs of students from diverse academic disciplines. Moreover, fostering awareness of cybersecurity laws and regulations is crucial for all students, regardless of their major.

Keywords

Cybersecurity, Information security, College students, Information security education, higher education

Thanks

This work was partially supported by the Shaanxi education science "13th Five-Year Plan" 2020 annual program in Shaanxi Province of China (Grant No. SGH20Y1338), Yulin Science and Technology Project Plan in Yulin of China (Grant No. CXY202000706), and Yulin High-tech Zone Science and Technology Plan Project (Grant No. CXY202166). This research was funded by Woosong University Academic Research in 2022.

References

• Ahmed, N., Kulsum, U., Bin Azad, I., Momtaz, A. S., Haque, M. E., & Rahman, M. S. (2017). Cybersecurity Awareness Survey: An analysis from bangladesh perspective. 2017 IEEE Region 10 Humanitarian Technology Conference (R10-HTC). https://doi.org/10.1109/r10-htc.2017.8289074
• Al-Janabi, S., & Al-Shourbaji, I. (2016). A study of cyber security awareness in educational environment in the Middle East. Journal of Information & Knowledge Management, 15(01), 1650007. https://doi.org/10.1142/s0219649216500076
• Al-Ghamdi, M. I. (2021). Effects of knowledge of cyber security on prevention of attacks. Materials Today: Proceedings, https://doi.org/10.1016/j.matpr.2021.04.098.
• Alharbi, T., & Tassaddiq, A. (2021). Assessment of cybersecurity awareness among students of Majmaah University. Big Data and Cognitive Computing, 5(2), 23. https://doi.org/10.3390/bdcc5020023
• Alotaibi, F., Furnell, S., Stengel, I., & Papadaki, M. (2016). A survey of cyber-security awareness in Saudi Arabia. 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST). https://doi.org/10.1109/icitst.2016.7856687
• Alqahtani, M. A. (2022). Factors Affecting Cybersecurity Awareness among University Students. Applied Sciences, 12(5), 2589. doi:10.3390/app12052589.
• Annansingh, F., & Veli, T. (2016). An investigation into risks awareness and e-safety needs of children on the internet: A study of Devon, UK. Interactive Technology and Smart Education, 13(2), 147–165.https://doi.org/10.1108/ITSE-09-2015-0029.
• CNNIC (2022). The 49th Statistical Report on Internet Development in China. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/ .
• Corallo, A., Lazoi, M., Lezzi, M., & Luperto, A. (2022). Cybersecurity awareness in the context of the Industrial Internet of Things: A Systematic Literature Review. Computers in Industry, 137, 103614. https://doi.org/10.1016/j.compind.2022.103614
• Edgar, Thomas W., & Manz David O.. (2017). Research Methods for Cyber Security - 1st Edition, [eBook edition]. Elsevier. https://www.elsevier.com/books/research-methods-for-cyber-security/edgar/978-0-12-805349-2.
• Elbedour, S., Alqahtani, S., El Sheikh Rihan, I., Bawalsah, J. A., Booker-Ammah, B., & Turner, J. F. (2020). Cyberbullying: Roles of school psychologists and school counselors in addressing a pervasive social justice issue. Children and Youth Services Review, 109, 104720. https://doi.org/10.1016/j.childyouth.2019.104720
• Gamreklidze, E. (2014). Cyber security in developing countries, a digital divide issue. Journal of International Communication, 20(2), 200–217. https://doi.org/10.1080/13216597.2014.954593
• Garba, A. A., Siraj, M. M., Othman, S. H., & Musa, M. A. (2020). A Study on Cybersecurity Awareness Among Students in Yobe State University, Nigeria: A Quantitative Approach. Int. J. Emerg. Technol, 11(5), 41-49. https://www.academia.edu/download/64160387/ A Study on Cybersecurity Awareness.pdf
• Grassegger, T., & Nedbal, D. (2021). The role of employees’ information security awareness on the intention to resist social engineering. Procedia Computer Science, 181, 59-66. https://doi.org/10.1016/j.procs.2021.01.103
• Hart, S., Margheri, A., Paci, F., & Sassone, V. (2020). Riskio: A serious game for cyber security awareness and Education. Computers & Security, 95, 101827. https://doi.org/10.1016/j.cose.2020.101827
• Ho, S. M., & Gross, M. (2021). Consciousness of cyber defense: A collective activity system for developing Organizational Cyber Awareness. Computers & Security, 108, 102357. https://doi.org/10.1016/j.cose.2021.102357
• Hunt, T. (n.d.). Cyber Security Awareness in Higher Education. ScholarWorks@CWU, https://digitalcommons.cwu.edu/source/2016/cob/1/
• Katsikeas, S., Johnson, P., Ekstedt, M., & Lagerström, R. (2021). Research communities in cyber security: A comprehensive literature review. Computer Science Review, 42, 100431. https://doi.org/10.1016/j.cosrev.2021.100431
• Klein, G., Zwilling, M., & Lesjak, D. (2022). A comparative study in Israel and Slovenia regarding the awareness, knowledge, and behavior regarding cyber security. Research Anthology on Business Aspects of Cybersecurity, 424-439. https://doi.org/10.4018/978-1-6684-3698-1.ch020
• Kritzinger, E., Bada, M., & Nurse, J. R. (2017). A study into the Cybersecurity Awareness Initiatives for school learners in South Africa and the UK. Information Security Education for a Global Digital Society, 110–120. https://doi.org/10.1007/978-3-319-58553-6_10
• Li, N., Tsigkanos, C., Jin, Z., Hu, Z., & Ghezzi, C. (2020). Early validation of Cyber–Physical Space Systems via multi-concerns integration. Journal of Systems and Software, 170, 110742. https://doi.org/10.1016/j.jss.2020.110742
• Liu, S. H., & Chen, J. (2021). Research on countermeasures of college Students' personal information security protection -- taking telecom network fraud as an example. University: Research and Management, (6), 73-74. https://kns.cnki.net/kcms2/article/abstract?v=3uoqIhG8C44YLTlOAiTRKibYlV5Vjs7iJTKGjg9uTdeTsOI_ra5_XVaXU2rLKrXTEU207jWtzbBARioEJ3Wr0mJV9M5ade9a&uniplatform=NZKPT
• Liu, X. H., & Chao, C. X. (2011). A survey of college students' awareness of cyber security and the current situation of education. Vocational Education Forum, 14, 94-96. https://kns.cnki.net/kcms2/article/abstract?v=3uoqIhG8C44YLTlOAiTRKgchrJ08w1e7tvjWANqNvp-BLuadic5ChiGVwneXb4f8CKUJYzs-wqeQYvSnPiIF8eG9lpdsI4_W&uniplatform=NZKPT
• Maennel, K., Mäses, S., Sütterlin, S., Ernits, M., & Maennel, O. (2019). Using technical cybersecurity exercises in university admissions and skill evaluation. IFAC-PapersOnLine, 52(19), 169-174. https://doi.org/10.1016/j.ifacol.2019.12.169
• Matyokurehwa, K., Rudhumbu, N., Gombiro, C., & Mlambo, C. (2020). Cybersecurity awareness in Zimbabwean Universities: Perspectives from the students. Security and Privacy, 4(2). https://doi.org/10.1002/spy2.141
• Moallem, A. (2018). Cyber security awareness among college students. Advances in Intelligent Systems and Computing, 79-87. https://doi.org/10.1007/978-3-319-94782-2_8
• Morrison, J. (2019, September 20). Assessing questionnaire reliability. Retrieved May 7, 2022, from https://select-statistics.co.uk/blog/assessing-questionnaire-reliability/.
• Okesola, J. O., Onashoga, A., & Ogunbanwo, A. (2016). An investigation into users’ information security awareness on social networks in south western Nigeria. South African Journal of Information Management, 18(1), 1-7. https://doi.org/10.4102/sajim.v18i1.721
• Quayyum, F., Cruzes, D. S., & Jaccheri, L. (2021). Cybersecurity awareness for children: A systematic literature review. International Journal of Child-Computer Interaction, 30, 100343. https://doi.org/10.1016/j.ijcci.2021.100343
• Rahim, N. H., Hamid, S., Mat Kiah, M. L., Shamshirband, S., & Furnell, S. (2015). A systematic review of approaches to assessing cybersecurity awareness. Kybernetes, 44(4), 606–622. https://doi.org/10.1108/k-12-2014-0283
• Rajesh Chandarman, & Brett Van Niekerk. (2017). Students' cybersecurity awareness at a private tertiary educational institution. The African Journal of Information and Communication (AJIC), (20). https://doi.org/10.23962/10539/23572
• Ratten, V. (2015). A cross-cultural comparison of online behavioural advertising knowledge, online privacy concerns and social networking using the technology acceptance model and social cognitive theory. Journal of Science & Technology Policy Management, 6(1), 25–36. https://doi.org/10.1108/jstpm-06-2014-0029
• Sarathchandra, D., Haltinner, K., & Lichtenberg, N. (2016). College students' cybersecurity risk perceptions, awareness, and practices. 2016 Cybersecurity Symposium (CYBERSEC). https://doi.org/10.1109/cybersec.2016.018
• Senthilkumar, K., & Easwaramoorthy, S. (2017). A survey on cyber security awareness among college students in Tamil nadu. IOP Conference Series: Materials Science and Engineering, 263, 042043. https://doi.org/10.1088/1757-899x/263/4/042043
• Sun, W. (2018). Investigation and Research on Network Security Consciousness of University students in Dalian (Master’s thesis, Dalian University of Technology, Dalian, China). https://kns.cnki.net/KCMS/detail/detail.aspx?dbname=CMFD201901&filename=1018718387.nh.
• Xu, D. H., Zeng, L., Wang, R. J., & Zhang, Z. (2019). Investigation on network security awareness and protection skills of postgraduates. China University of science & Technology (z1), 125-128. https://doi.org/10.16209/j.cnki.cust.2019.z1.033