505 School employee credentials compromised – Cyber Security experts search for solution

Apart from that, more than 5,000 stealer logs have been extracted from the system, with over 1,000 already made available for sale on dark web marketplaces.

The Minister of Education, Haruna Iddrisu, disclosed this in a speech read on his behalf by the Executive Director of the Centre for National Distance Learning and Open Schooling (CENDLOS), Professor Diyawu Mumin, at the National Cybersecurity Awareness Month programme last Tuesday.

The event, held on the theme: “Empowering Higher Education for Cyber Resilience and Digital Rights”, was organised by the Cyber Security Authority (CSA) under the auspices of the Ministry of Communication, Digital Technology and Innovations, and in collaboration with the Ministry of Education, the Ghana Tertiary Education Commission (GTEC), and the Accra Technical University.

Mr Iddrisu said the education sector managed large volumes of sensitive information, including student health records, financial data and research materials, making it an attractive target for cybercriminals, and called on all institutions to strengthen their security systems and promote digital safety awareness.

He explained that cases such as data theft, cyberbullying, sextortion (a reference to demand for sex from an extortionist), certificate forgery and online scams were increasingly undermining the credibility of Ghana’s education system.

“These crimes not only threaten individual privacy but also the integrity of our institutions and the trust the public places in them,” he said.

Consequently, the country has intensified efforts to build cyber resilience and protect digital rights within higher education institutions.

This is part of efforts by the government to safeguard the education sector against the rising tide of cyber threats that target universities, e-learning platforms and student data.

The Minister of Education said the interventions had become necessary as the country recorded a growing number of cyber-attacks on academic systems and institutional databases, which required urgent and coordinated action.

He cited Microsoft’s October 2024 Cyber Security Report, which indicated that the education sector was among the most targeted industries worldwide, facing an average of 2,507 attempted cyber-attacks every week.

Measures, collaboration

Mr Iddrisu said the ministry had recognised that effective policy was essential to achieving cyber resilience within the sector.

He explained that in 2024, the ministry, through a multi-stakeholder technical working group comprising the CSA, National Council for Curriculum and Assessment (NaCCA) and other partners, undertook a comprehensive review of the ICT in Education Policy and the EdTech Strategy (ETHEC) to embed cyber security and digital safety at all levels of learning.

He added that the revised policy focused on improving institutional capacity, promoting safe digital learning and ensuring inclusion across schools and tertiary institutions.

He announced that the Ministry of Education, in collaboration with the CSA, was exploring the establishment of an Education Sector Computer Emergency Response Team (EduCERT) to strengthen institutional response to cyber incidents.

Institutional accountability

The Executive Director of GTEC, Prof. Ahmed Jinapor, said the commission recognised that cyber security had become central to academic quality assurance and institutional credibility.

He explained that universities and colleges across the country had embraced technology as an essential tool for teaching and administration, but warned that these same systems could be exploited if proper security measures were not put in place.

“Leadership within tertiary institutions must provide resources for digital infrastructure, establish clear cyber policies and train both staff and students to identify and mitigate risks,” he said.

Professor Jinapor indicated that GTEC was integrating digital competencies and cyber awareness into its institutional assessments and accreditation processes.

He added that GTEC’s partnership with the Cyber Security Authority under the new MoU would help establish the National Cyber Security Competency and Qualification Framework, which would guide institutions to adopt standardised practices for digital safety and data protection.

CSA’s Role

The acting Director-General of the CSA, Devine Selase Agbeti, said the authority had classified the education sector as part of the country’s critical information infrastructure, given its importance to national development and security.

He explained that cybercrime was projected to cost the global economy over $10.5 trillion by the end of 2025, making it one of the world’s most significant economic threats.

He added that the global shortfall of about four million cyber security professionals presented an opportunity for Ghana’s education sector to build local expertise and create new career pathways.