Cybersecurity Attacks on Academic Data and Personal Information and the Mediating Role of Education and Employment

The cyberspace has simultaneously presented opportunities and challenges alike for personal data security and privacy, as well as the process of research and learning. Moreover, information such as academic data, research data, personal data, proprietary knowledge, complex equipment designs and blueprints for yet to be patented products has all become extremely susceptible to Cybersecurity attacks. This research will investigate factors that affect that may have an influence on perceived ease of use of Cybersecurity, the influence of perceived ease of use on the attitude towards using Cybersecurity, the influence of attitude towards using Cybersecurity on the actual use of Cybersecurity and the influences of job positions on perceived ease of use of Cybersecurity and on the attitude towards using Cybersecurity and on the actual use of Cybersecurity. A model was constructed to investigate eight hypotheses that are related to the investigation. An online questionnaire was constructed to collect data and results showed that hypotheses 1 to 7 influence were significant. However, hypothesis 8 turned out to be insignificant and no influence was found between job positions and the actual use of Cybersecurity.


Introduction
Cybersecurity has become an integral component of internet-connected systems in as far as the protection of such systems is concerned. Cybersecurity provides a proactive approach towards the mitigation of cyber attacks on academic data and personal information, which result in data breaches and identity theft [1]. In arrays, including academia, smart cities and manufacturing automation. This spread has resulted in opportunistic changes such as an increased quality of life, effective service delivery and an increase in the number of clients that can be effectively served [6]. For instance, through the automation of most of the academic document management systems and learner material delivery, one instructor can comprehensively manage and assess large numbers of learners per class, in contrast to the smaller numbers generated by a manual system. On the other hand, the deployment and proliferation of Information and Communications Technology (ICT) has resulted in significant challenges to data security.
The demanding matter of privacy when choosing a technology platform to adopt as an institution remains paramount, in addition to the consent of the platform owners to the option chosen [7] [8] [9]. Social media platforms including Facebook, Twitter, Instagram and Google among others have had challenges in the compliance of privacy and data security laws of other countries in the European Union as well as Australia [10] [11] [12]. While there are remarkable benefits to the adoption of robust technological solutions in academic fronts as well as personal life, privacy threats initiated by pirates and hackers fraudulently accessing otherwise private data as a result of the Internet connectivity of ICT remain a significant drawback [13].
Modern society significantly depends on technology in most of its facets.
More often than not, ICT based devices are interdependent, which suggest that despite one party being robust and proactive in securing data, failure of other devices to abide by privacy laws holds a negative effect on the rest [14]. Consequently, there are concerns about the process of authorizing the government a role in the protection of data through legislation and eventually institutions, which imply that governments may unlawfully access the private data of its citizens for surveillance means and political gain [15].
Traditionally, Cybersecurity has been largely associated with the software elements of ICT devices, however, recent findings have demonstrated otherwise.
Huawei Technologies have demonstrated that at the point of manufacturing, hardware may be made to illegitimately and clandestinely transmit data to the manufacturer [16]. The transmission of such data results in surveillance and data breach, and governments as well as private institutions should strive to ensure the safety and integrity of their data [17].
As stated by experts and policy makers, the frequency and severity of cyber attacks is anticipated to continue rising and venturing into areas that were not prime targets in the past, such as academic data. Personal data has always been targeted by hackers because of the value attached to it by marketing institutions and the field of social engineering [18].

Cybersecurity Attacks on Academic Data
Academic data has become a prime target for cyber-attacks owing to the invaluable user information, computing resources, instrument designs, proprietary com-pounds, personal communications, and patient data for schools offering referral hospital services [19] [20]. Most of the information is accessible to devices that are connected to the World Wide Web via the Internet. As such, it is imperative that the developers of such websites must have sufficient experience to mitigate the chances of having a "poorly written code, open ports or digital entry points" [21]. This would compromise the operating system and computer hardware of the institutions. According to Perkel [22] and Kent [23], cyber-attacks are varied and may come from unlikely sources such as the "installation of programs intended to co-opt system resources to keystroke loggers and scanning software designed to purloin user information and passwords" (p. 1261).
Research data has become the new front for cyber-attacks alongside a range conflicting interests between researchers and the information security experts. On the one hand, information security experts advocate for a system that is centralized in an attempt to enhance monitoring and system administration aspects such as limiting access and monitoring the traffic to such storage systems [24]. On the contrary, the ethos of researchers is that such data should be readily available to students, fellow researchers, and collaborators [25]. Fortunately, advances in security solutions have, to an extent, enabled academic data to be managed in an unconstrained manner [26] [27]. Similarly, hackers have developed their skills in proliferating such systems. As a result, the Cybersecurity advances to academic data can be viewed as a continuously evolving phenomenon that will continue in perpetuity [23].
Drive-by hackers rank the highest amongst the reported number of attempted cyber-attacks on educational networks. In most instances, the drive-by hackers are professionals in the organized crime industry or in some instances State actors whose intentions largely remain unknown. Universities continue to report a rising number of attacks and data breaches according to EDUCAUSE [23] [28] [29]. EDUCAUSE is a non-profit organization established by higher education IT professionals and as such provides some of the most credible data on Cybersecurity incidences in relation to the academic sector [30] [31]. Besides, the organization has transformed to providing invaluable insights relating to policy and best practices when securing research data. Despite the remarkable contribution of such organizations, some challenges remain prominent such as underfunding and researcher independence [32].
Researcher independence presents the largest challenge to the implementation of security policies on academic data, more specifically research related data. Cybersecurity and information systems management largely fall under the administrative field. Researcher needs may not conform to the procedural nature of Cybersecurity protocols already in place for universities and other academic institutions. For instance, the nature of the researcher's work demands installing of certain software programs; collaborating with colleagues from different parts of the world in addition to developing and deploying tools that are designed for both private and public consumption [33]. The degree of such instances varies between the works of different researchers, and thus may result in the exposure of an institution's networks to unauthorized access and manipulation [22] (p. 1261).
Despite improvements in technology such as the invention of virtual machines that allow all users to practically log on to a central computer that can be managed by the information security experts, breaches are still occurring. The benefits remain that that despite any attack, a properly managed central computer can be rolled back in a matter of seconds. Therefore, Cybersecurity shifted its focus beyond mitigating cyber-attacks; to acknowledging that they are inevitable and consequently new policies are being created to ensure that data is always available [34] [35]. Cloud computing solutions have immensely contributed to immediate data recovery as well as backup integrity since they are mostly managed by highly specialized professionals using state of the art equipment and in most cases anonymous locations [25]. Virtual machines and cloud computing solutions including isolated architectures helps in reducing the chances of a cyber-attack more effectively in addition to the professional security provided, continuous monitoring, auto backup and restoration protocols [36].

Cybersecurity Attacks on Personal Information
At present, society is, more than ever, facing a myriad of sophisticated security risks in cyberspace as a result of the evolution of malicious cyber-attacks [37] [38] [39] [40]. According to Li, et al., [41] employees should be knowledgeable of the information security policies and procedures within the corporations they work in, as a means to competently manage Cybersecurity tasks. Moreover, given an individual's extensive use of technological devices, from smart homes, smartphones, and personal computers to using credit cards to purchase from ecommerce websites, awareness should be prioritized in order to mitigate cyberattacks on personal information [41] [42] [43].
Social engineering has increasingly become the most frequent threat to individual users in the cyberspace. Human hacking largely involves using immoral means to gain access to individuals' credentials such as passwords, credit card details and bank accounts and using them to gain access to secure networks. Among the well documented approaches that hackers employ to access confidential user information through the "manipulation of people's tendency to trust, or baiting them as they try to follow their curiosities and desires" [44] [45]. Despite the high levels of awareness among consumers regarding the dangers of the cyberspace to personal information, some individuals still fall prey to the hacker's tricks. For instance, a 2013 TNS Global for Hannon study on email user's vigilance revealed that more than thirty percent of users tend to open an email with the full knowledge that the contents could be harmful and malicious [44] (p. 32).
The struggle that hackers go through to access personal data leads to the question of the motivation behind such attacks. According to a 2012 study by Chitery, et al. [46], "to evaluate the variables of cause and identifying the susceptible members of an organization, financial gain, access to proprietary information, competitive advantage, revenge, fun, and other unspecified reasons ranked the highest" [47]. On the other hand, the most likely entities to fall prey for cyber-attacks targeting personal information include new employees, IT professionals, clients, partners and contractors, and top-level management. The techniques used in this case include "emails with internal URLs, emails with external URLs, beacon documents, and forms to obtain credentials" [22].
Given the extent of the damage caused by attacks on personal information, preventive measures against the attacks are the best course of action to be taken to mitigate such attacks. In contrast to industrial or institutional scales, it is unlikely that individuals would have backups for their data or recovery measures. Moreover, the data targeted is unlikely to be salvaged once the breach has taken place [48] [49]. Audits and compliance can also minimize the chances of cyber-attacks on personal information by having technical teams review network logs, revalidating employee credentials, and reviewing desktop security configuration regularly. In addition to audits, technical procedures can also be implemented to protect personal data within an enterprise. For instance, all external facing services should have firewalls, virtual private networks, intrusion prevention systems, and intrusion detection systems installed in a bid to provide layers of defense and data protection against fraudsters on the internet [50] [51] [52] [53]. Other measures include the provision of a well-documented security policy as well as physical guidance to protect physical assets associated with personal data [54].

Hypotheses and Research Framework
Based on the previously deliberated literature and our research objectives of filling the gaps, the following hypotheses were constructed: H1. Awareness of Cybersecurity has a significant influence on perceived ease of use of Cybersecurity.
H2. Attitudes towards Cybersecurity have a significant influence on perceived ease of use of Cybersecurity.
H3. Knowledge about Cybersecurity has a significant influence on perceived ease of use of Cybersecurity.
H4. Perceived ease of use of Cybersecurity has a significant influence on attitude towards using Cybersecurity.
H5. Attitude towards using Cybersecurity have a significant influence on actual use of Cybersecurity.
H6. Job positions have a moderator role influence on perceived ease of use of Cybersecurity.
H7. Job positions have a moderator role significant influence on attitude towards using Cybersecurity.
H8. Job positions have a moderator role influence on actual use of Cybersecurity.
The proposed research model (see Figure 1) is constructed to determine the moderator's role of education and Job position between TAM constructs. Therefore, Journal of Computer and Communications

Demographic Profile and Data Collection
An online questionnaire was distributed to Academic staff in Yanbu branch at Taibah University asking them to answer the questionnaire. An overall of 112 respondents, of which 90 accomplished questionnaires ensuing in a response rate of about (80%) were investigated after two weeks of distributing the questionnaires data. The respondent's Jobs profile were as follows: faculty of computer science (88%), faculty of business (5%), faculty of science (4%), and (3%) employed in the faculty of engineering.
Amongst the respondents, 8% had a master's degree, 92% had a PhD degree, 22% had less than five years of academic experience, whereas (70%) had academic experience ranging between 5 -10 years, and 8% of respondents had more than 10 years of academic experience.
The questionnaire encompassed three sections: The first section measured the demographic analysis of the respondents' employees: gender, age, position, and educational level. The second section measured TAM model determined by awareness of Cybersecurity; attitude towards Cybersecurity; knowledge about Cybersecurity; perceived ease of use Cybersecurity; attitude towards using Cybersecurity; and actual use of Cybersecurity. Last, the third section measured the Job position as a mediator. All questionnaire items measured using the five-point Likert scale ranging from "strongly disagree" to "strongly agree".

PLS Path Modeling
This article deployed Smart PLS 3 software for analysis. The software uses the Partial Least Structural Equation Modeling (PLS-SEM) technique [54]. The author used 5000 subsamples to get significant values of path coefficients and factors loading according to Hair Jr. et al., [50].  Table 1). Table 1 illustrated the actual use construct R2 = 0.398 which indicated that the size of the explanatory power of this form was low but enough;

The analysis in
whereas the regression of attitude towards using Cybersecurity = 0.864 which indicated that the size of the explanatory power of this form was high; also as illustrated in Table 1. The R2 of Cybersecurity ease of use was 0.674. Hence, the above constructs were statistically significant. Table 2 reveals that all constructs fulfills latent constructs correlations ranging from 0.448 to 0.887, which are below the threshold of 0.90 [47]. Above results satisfy the discriminant validity. Table 3 and Figure 2 the path coefficient (beta) value for all hypotheses 1; 2; 3; 4; 5; 6; 7 ranges from 0.207 to 0.85 and T test ranges from 2.042 to 4.324 significant and thus support hypotheses 1; 2; 3; 4; 5; 6; 7. Unexpectedly, H8 is negative and not significant; path coefficient (beta) −252; T test −1.287; P value 0.234, and thus does not support hypothesis H8.

Conclusion
This research investigated factors that affect that may have an influence on perceived ease of use of Cybersecurity, the influence of perceived ease of use on the attitude towards using Cybersecurity, the influence of attitude towards using Cybersecurity on the actual use of Cybersecurity and the influences of job positions on perceived ease of use of Cybersecurity and on the attitude towards using Cybersecurity and on the actual use of Cybersecurity. It was found that awareness of cybersecurity, attitude of cybersecurity and knowledge of cybersecurity have a significant impact on perceived ease of use of cybersecurity. Moreover, it was shown that perceived ease of use has a significant impact on attitude towards using Cybersecurity. Furthermore, attitude towards using Cybersecurity has a significant impact on actual use of Cybersecurity. Job Satisfaction was found to have a moderator role influence on perceived ease of use of Cybersecurity and on the attitude towards using Cybersecurity. However, it was found that job positions have no influence on actual use of Cybersecurity.

Conflicts of Interest
The author declares no conflicts of interest regarding the publication of this paper.