Among the major threats faced by South African universities include prevalent ransomware, phishing, data breaches.
With just nine to go before the matric results are released, and with many students considering tertiary studies, higher education institutions face cybersecurity challenges unlike those faced by many other sectors.
Among the major threats facing South African universities are ransomware, phishing, data breaches, insider threats, reliance on third parties, and a significant skills gap.
Amplification
These are exacerbated by the shift to digital learning and by insufficient budgets, which demand better policies, greater awareness, and increased investment.
Dell Technologies’ Musa Masungwini said data protectors and cyber defenders in South Africa and across the globe face open networks, student populations that come and go, and budget constraints that all increase the risk of cyberattacks.
“In some ways, the problem is cultural. Academic institutions are built on openness, shared governance and intellectual freedom.
“The strict security access control, monitoring and response protocols that work in the corporate world may not be appropriate for colleges and universities, so what can they do to stay secure? asked Masungwini.
ALSO READ: Cyber Month: Scammers ‘hacking kindness’ – AI and ubuntu used for fraud
The fight
Masungwini, to counter these challenges, leaders in higher education are adopting strategies that move beyond simple prevention to build comprehensive resilience, enabling them to withstand and quickly recover from incidents.
“An effective strategy involves creating a layered defence of interlocking security tools that protect different parts of the network. This approach requires more internal capability but gives institutions greater control.”
Government guidance
He said government guidance, such as South Africa’s National Cybersecurity Policy Framework (NCPF), and stricter requirements from cyber-insurers are also driving positive change.
“These standards encourage institutions to adopt best practices and improve their overall security posture.
“For higher education technology leaders trying to figure out where to focus, get clear on what needs protecting and why. Not everything is equally critical. Identify the most valuable assets – whether that’s research data, student records, or financial systems – and prioritise protecting them,” Masungwini said.
ALSO READ: Urgent warning! Don’t fall for these online traffic fine scams
Exercises
Masungwini urged higher education institutions to run tabletop exercises, simulate attacks, and identify where plans break down before an incident occurs.
“Security isn’t just an IT problem. It requires buy-in from academic leadership, faculty and students. Make the case for why it matters and involve people in the solution.”
DBE attack
Cybercrime not only affect higher learning institutions.
In January 2025, the Department of Basic Education confirmed a possible breach of matric exam results.
It followed the Johannesburg company Edumarks, allegedly enticing matric learners to pay R100 to get their results early.
ALSO READ: Data breaches cost SA organisations over R360m in 3 years
