Innovating Cybersecurity in Tanzanian Academia: A Mobile Tool for Combatting Social Engineering Threats
DOI:
https://doi.org/10.51519/journalisi.v7i1.1034Keywords:
Social Engineering Awareness, Mobile-Based Application, User-Centric Tool, Vulnerabilities, Phishing, Smishing, Cybersecurity Training, Incident ResponseAbstract
Social engineering attacks, including phishing, smishing, and vishing, pose significant threats to higher learning institutions, especially in regions with limited cybersecurity awareness and weak incident reporting mechanisms. This study introduces a novel mobile tool that combines real-time threat detection, streamlined reporting, and personalized training to address these vulnerabilities. Using a mixed-methods approach, we gathered survey data from 395 participants, conducted interviews with 10 IT professionals, and ran a pilot test with 20 users. The proposed tool provides instant scanning of emails/SMS for social engineering content and instant incident reporting alongside interactive, bilingual (English/Swahili) training modules. Results show a substantial improvement in user awareness, 85% of users reported a better understanding of social engineering threats after using the app, and high user satisfaction, with 90% expressing approval of the intuitive interface. The integration of real-time threat analysis and immediate reporting with tailored education distinguishes our tool from existing solutions. We discuss how bilingual support broadened engagement and how personalized learning paths reinforced retention of security best practices. Our findings demonstrate that a mobile-based, user-centric approach can significantly bolster cybersecurity awareness and incident response in academic environments. Future work will integrate machine learning for enhanced threat detection and voice-guided features for accessibility, aiming to continuously adapt to evolving attack strategies. This research provides insights for policymakers on incorporating such tools into broader institutional cybersecurity strategies.
Downloads
References
N. Y. Conteh dan P. J. Schmick, "Cybersecurity: Risks, vulnerabilities and countermeasures to prevent social engineering attacks," Int. J. Adv. Comput. Res., vol. 6, no. 23, pp. 11–19, 2016.
F. Salahdine dan N. Kaabouch, "Social engineering attacks: A survey," Future Internet, vol. 11, no. 4, Art. 89, 2019.
G. Montanez et al., "Cognitive workload and social engineering susceptibility: A human-centered approach," Hum.-Comput. Interact., vol. 35, no. 2, pp. 135–149, 2020.
S. M. Albladi dan G. R. S. Weir, "User susceptibility to phishing attacks: The role of user behavior," J. Inf. Secur. Appl., vol. 48, Art. 102352, 2019.
E. Titis dan P. Stephens, "Analyzing cyber attacks and cyber security vulnerabilities in the university sector," Computers, vol. 14, no. 2, Art. 49, 2025.
E. D. Kundy dan B. J. Lyimo, "Cyber security threats in higher learning institutions in Tanzania: A case of University of Arusha and Tumaini University Makumira," Olva Acad.–Sch. Res., vol. 2, no. 3, pp. 1–38, 2019.
M. E. Eltahir dan O. S. Ahmed, "Cybersecurity awareness in African higher education institutions: A case study of Sudan," Inf. Sci. Lett., vol. 12, no. 1, pp. 1–9, 2023.
S. Al-Janabi dan I. Al-Shourbaji, "A study of cyber security awareness in educational environment in the Middle East," J. Inf. Knowl. Manag., vol. 15, no. 1, Art. 1650007, 2016.
M. E. Whitman, H. J. Mattord, dan A. Green, "Reducing cyber crime in Africa through education," Proc. IEEE Int. Conf. Cyber Secur. Resilience (CSR), Rhodes, Greece, 2022, pp. 1–6, doi: 10.1109/CSR54599.2022.9996274.
A. A. Semlambo, D. M. Mfoi, dan Y. Sangula, "Information systems security threats and vulnerabilities: A case of the Institute of Accountancy Arusha (IAA)," J. Comput. Commun., vol. 10, no. 11, pp. 1–17, 2022.
M. Grobler, R. Gaire, dan S. Nepal, "User, usage and usability: Redefining human-centric cyber security," Front. Big Data, vol. 4, Art. 583723, 2021.
H. Aldawood dan G. Skinner, "Social engineering: The science of human hacking in higher education," Future Internet, vol. 11, no. 4, p. 89, 2019.
N. S. Safa, R. Von Solms, dan S. Furnell, "Information security policy compliance: Investigating the role of security awareness and psychological factors," Comput. Secur., vol. 56, pp. 70–82, 2016.
M. Bada, M. A. Sasse, dan J. R. C. Nurse, "Cyber security awareness campaigns: Why do they fail to change behavior?," Proc. Int. Conf. Cyber Secur., 2015.
S. Allam, S. V. Flowerday, dan E. Flowerday, "Smartphone information security awareness: A victim of operational pressures," Comput. Secur., vol. 42, pp. 56–65, 2014.
K. Matyokurehwa, N. Rudhumbu, C. Gombiro, dan C. Chipfumbu-Kangara, "Enhanced social engineering framework mitigating against social engineering attacks in higher education," Secur. Privacy, vol. 5, no. 5, e237, 2022.
J. Hobbs, "Cybersecurity awareness in higher education: A comparative analysis of faculty and staff," Issues Inf. Syst., vol. 24, no. 1, pp. 159–169, 2023, doi: 10.48009/1_iis_2023_114.
A. M. H. Al-Hakimi dan M. Hassan, "Anti-social engineering: The importance of social engineering awareness training web platform," Proc. 2024 IEEE 15th Control Syst. Grad. Res. Colloq. (ICSGRC), pp. 35–40, 2024.
H. Havenstein, "Gamified corporate training and its role in enhancing cybersecurity awareness," J. Cybersecurity Train., vol. 18, no. 3, pp. 221–230, 2020.
E. C. Cheng dan T. Wang, "Institutional strategies for cybersecurity in higher education institutions," Information, vol. 13, no. 4, p. 192, 2022.
T. S. Yin, I. F. Kasmin, Z. M. Z. Abidin, dan H. Vasudavan, "Mobile application for cybersecurity education and awareness since COVID-19 pandemic," Int. J. Data Sci. Adv. Anal., vol. 4, pp. 263–269, 2023.
A. Alroobaea dan P. J. Mayhew, "How many participants are really enough for usability studies?," Proc. Sci. Inf. Conf. (SAI), London, UK, 2014, pp. 48–56, doi: 10.1109/SAI.2014.6918171.
F. T. Ngo, R. Deryol, B. Turnbull, dan J. Drobisz, "The need for a cybersecurity education program for internet users with limited English proficiency: Results from a pilot study," Int. J. Cybersecurity Intell. Cybercrime, vol. 7, no. 1, p. 2, 2024.
Z. Wang, H. Zhu, dan L. Sun, "Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods," IEEE Access, vol. 9, pp. 11895–11910, 2021.
A. A. Albishri dan M. M. Dessouky, "A comparative analysis of machine learning techniques for URL phishing detection," Eng. Technol. Appl. Sci. Res., vol. 14, no. 6, pp. 18495–18501, 2024.
Downloads
Published
Issue
Section
License
Authors Declaration
- The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
- The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
- The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
- The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
- The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
- If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
- The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights
