Cybersecurity vulnerabilities and solutions in Ethiopian university websites

This study investigates the causes and countermeasures of cybercrime vulnerabilities, specifically focusing on selected 16 Ethiopian university websites. This study uses a cybersecurity awareness survey, and automated vulnerability assessment and penetration testing (VAPT) technique tools, namely, Nmap, Nessus, and Vega, to identify potential security threats and vulnerabilities. The assessment was performed according to the ISO/IEC 27001 series of standards, ensuring a comprehensive and globally recognized approach to information security. The results of this study provide valuable insights into the current state of cybersecurity in Ethiopian universities and reveals a range of issues, from outdated software and poor password management to a lack of encryption and inadequate access control. Vega vulnerability assessment reports 11,286 total findings, and Nessus identified a total of 1749 vulnerabilities across all the websites of the institutions examined. Based on these findings, the study proposes counteractive measures tailored to the specific needs of each identified defect. These recommendations aim to strengthen the security posture of the university websites, thereby protecting sensitive data and maintaining the trust of students, staff, and other stakeholders. The study emphasizes the need for proactive cybersecurity measures in the realm of higher education and presents a strategic plan for universities to improve their digital security. The study investigates the causes of cybersecurity vulnerabilities in university websites, with a focus on Ethiopian Universities.The evaluation was based on ISO/IEC 27001 series standards and utilized three different automatic VAPT evaluation tools: Nmap, NESSUS, and VEGA.The research identified a range of issues contributing to cybersecurity vulnerabilities, including outdated software, poor password management, a lack of encryption, and inadequate access control.The study underscores the importance of proactive cybersecurity practices in the higher education sector and provides a roadmap for universities to enhance their digital security.