Advancing Innovative Cybersecurity Solutions and Approaches to Protect Digital Ecosystems
First IFIP TC 9, TC 11 International Conference in Cybersecurity, IFIP-UNIVEN-CSIR ICC 2025, Tshwane, South Africa, December 11–12, 2025, Proceedings
- 2026
- Book
- Editors: Jabu Mtsweni, Modimowabarwa Kanyane, Jackie Phahlamohlaka, Willard Munyoka, Kerry-Lynn Thomson, Lynn Futcher, Joey Jansen van Vuuren
- Publisher: Springer Nature Switzerland
About this book
This book constitutes the proceedings of the First IFIP TC 9, TC 11 International Cybersecurity Conference, IFIP-UNIVEN-CSIR ICC 2025, held in Tshwane, South Africa, in December 2025.
The 17 full papers included in the proceedings were carefully reviewed and selected from 43 submissions. They were organized in topical sections as follows: Security in Emerging and Advanced Technologies (AI/ML and Blockchain); Cybersecurity Governance, Policy, and National Strategies; Cybersecurity Education, Training, and Human Factors; Security Architectures, Models, and Authentication Mechanisms.
Table of Contents
Frontmatter

Security in Emerging & Advanced Technologies (AI/ML & Blockchain)
Security Risks in Large Language Models and General Mitigation Strategies
Ruidong Zhang, Modimowabarwa Kanyane
Abstract: Since the inception of ChatGPT, Large Language Models (LLMs) have been reshaping many tasks such as document creation, decision support, computer coding and multi-language translations. Industries like education, healthcare and financial services are being transformed. However, their pervasiveness has also introduced security risks. In this study, a review of literature published in the most recent years is conducted to identify and categorise the potential risks associated with LLMs. Potential mitigation strategies and actionable solutions are discussed for each category. This study concludes by pointing out more efforts and future directions for the responsible development and use of LLMs.
AI-Blockchain Synergy for Next-Generation Cybersecurity. Adaptive, Ethical, and Efficient Architectures
Vusumuzi Malele, Godwin Mandinyenya
Abstract: This study investigates the convergence of blockchain technology and advanced computational methods as a pathway to strengthening cybersecurity architectures. While blockchain offers decentralization, transparency, and tamper-resistance, its deployment is constrained by challenges such as scalability bottlenecks, high energy demands, and susceptibility to emerging attack vectors. The primary aim of this research is to evaluate how integrating adaptive intelligence into blockchain systems can enhance resilience, efficiency, and ethical governance in critical infrastructures. A systematic literature review was conducted, drawing on peer-reviewed studies published between 2018 and 2025, guided by Kitchenham’s framework and PRISMA reporting standards. The synthesis of 28 studies reveals measurable gains, including reductions in false positives during intrusion detection, improved resistance to consensus-layer attacks, and enhanced interoperability across distributed systems. At the same time, the findings highlight persistent barriers such as limited large-scale validation, adversarial vulnerabilities, and unresolved ethical and legal tensions around data rights and accountability. The paper contributes a multi-layered integration model that positions intelligent optimization at protocol, smart contract, and governance layers. The results underscore the potential of this combined approach to advance cybersecurity while emphasizing the need for sector-specific adoption frameworks, lightweight defenses, and regulatory alignment to ensure sustainable real-world deployment.
From Regex to Transformers: A Hybrid Framework for Cyber Threat Indicator Extraction from Unstructured Text
Paul Jideani, Aurona Gerber
Abstract: Automated extraction of Indicators of Compromise (IOCs) from unstructured cybersecurity threat intelligence reports remains a critical challenge due to the volume, variety, and complexity of modern threat data. This study introduces a hybrid and transformer-based IOC extraction framework that combines pattern-based regular expressions, spaCy Named Entity Recognition, and a fine-tuned DistilBERT token classification model, improving coverage and accuracy over traditional manual or rule-based methods. The approach is implemented as an end-to-end, fully automated pipeline integrating data preprocessing, token-level annotation, model training, inference, and an interactive deployment interface via Streamlit and a RESTful API, enabling real-time extraction and structured output for practical cybersecurity workflows. A comprehensive evaluation and visualisation framework, including token-level BIO-tagging, per-type and overall NER metrics, and interactive colour-coded entity highlighting with sortable tables, facilitates both quantitative assessment and intuitive interpretation of extracted IOCs. Experimental results demonstrate that the transformer-based model achieves perfect precision, recall, and F1-score, significantly surpassing baseline regex+NER methods. This framework provides a scalable, accurate, and practical solution for enhancing threat intelligence analysis and accelerating incident response.
Towards Facial Expression Analysis for Enhanced Threat Detection in Surveillance
Livhuwani Mutshafa, Benson Moyo
Abstract: As cyber-physical systems become increasingly integrated into critical infrastructure such as energy distribution, transportation, healthcare, and public services, they are also becoming exposed to complex cyber threats. These threats range from traditional cyber intrusions to physical breaches and insider threats aimed at disrupting real-time operations. Enhancing situational awareness in such environments requires the development of proactive surveillance mechanisms that can detect early behavioural cues associated with potential threats. This paper presents a deep learning-based surveillance framework that incorporates facial expression analysis as a behavioral indicator to support the detection of anomalous. The framework takes into consideration that emotional states such as sustained anger, fear, and disgust can precede hostile actions. To operationalise these, we employed a convolutional neural network (CNN) and a recurrent neural network architecture trained on two benchmark datasets, the Amsterdam Dynamic Facial Expression Set (ADFES) and the Chinese Face Dataset with Dynamic Expressions, to classify seven basic emotions (anger, disgust, fear, happiness, sadness, surprise, neutrality) from video streams. Based on a system throughput of 43.09 frames per second, a macro-averaged F1-score of 95%, and a per-frame inference time of 0.0232 s, preliminary results show that using facial expression analysis for real-time threat detection is feasible. These results underscore its potential to augment surveillance capabilities within cyber-physical systems, contributing to more proactive surveillance.
Securing Agricultural Sustainability: Integrating Digital Twins and Blockchain for Smart Farming
Menaka L. Godakanda, Derani Dissanayake, Premankit Sannd, David M. Cook
Abstract: Technological advancements are fundamentally reshaping the agricultural sector, addressing longstanding challenges while improving operational efficiency. However, the increasing digitization of agricultural systems introduces cybersecurity vulnerabilities that threaten critical food infrastructure. This paper presents an innovative framework that integrates digital twins and blockchain technologies for smart farming, leveraging Internet of Agricultural Things (IoAT) sensors and LoRaWAN communication to maintain accurate digital representations of agricultural ecosystems. This integrated approach enhances both sustainability and cybersecurity in smart agriculture by addressing key challenges in modern farming, including real-time monitoring, data integrity, resource optimization, crop yield enhancement, secure communication channels, and cyber protection for agricultural infrastructure. A case study implementing this framework in a simplified simulation demonstrates technology integration alongside robust and secure agricultural IoT systems. Our findings show the approach can lead to more sustainable and productive agricultural practices. By combining IoT, LoRaWAN, digital twins, and blockchain technologies with cybersecurity, the framework provides for future cyber-proofed smart farming initiatives. This contributes to the digital transformation of secure agriculture providing synergy between emerging technologies and critical agricultural infrastructure (CAI).

Cybersecurity Governance, Policy, and National Strategies
Frontmatter
African Cyber Power: Establishing a Strategic Rationale for Offensive Cyber Capabilities - The Case of South Africa
Wilhelm Bernhardt, Petrus Duvenage, Sebastiaan von Solms
Abstract: This paper explores the strategic rationale underpinning the development of offensive cyber power capacity in African states, using South Africa as a case study. South Africa was selected due to its prominence on the continent in terms of technological, political and security developments. Building on prior research, the paper contends that the cyber power of states is structured around a triadic model consisting of interdependent defensive, offensive, and developmental dimensions. Accordingly, it posits that each state’s cyber capacity should be evaluated in alignment with its distinct national security imperatives, which may diverge significantly from those of more technologically advanced nations. To this end, the paper locates offensive cyber power within the broader context of offensive intelligence operations and examines South Africa’s national security posture to identify threats that may justify both the application of offensive intelligence measures and the acquisition of cyber-based offensive capabilities. The paper finds that South Africa’s national security framework suggests that the country is at a pivotal point in the evolution of its offensive cyber power capabilities, and that there is a growing recognition that purely defensive mechanisms are no longer adequate to counter the increasingly complex and proliferating cyber-enabled threats it faces. Accordingly, there is a compelling and urgent strategic rationale for South Africa to pursue the development of offensive cyber power, as an integral component of its broader national security posture. Future studies will explore the applicability and relevance of these findings, within the context of the triadic model, to other African states.
Addressing Evolving Cybersecurity Threats from Industrial Internet of Things (IIoT) Adoption Through Improved Cybersecurity Governance
Hendrik Zwarts, Sebastiaan von Solms
Abstract: The sophistication and frequency of cyberattacks have increased as a result of the growing use of Industrial Internet of Things (IIoT) devices to manage critical infrastructure (CI) facilities. This enhanced threat vector heightened the possibility of interference and damage to critical infrastructures that threatens the life, economic stability and/or national security of a country. The strategies and operational methods used to defend critical infrastructures must be in line with the new risks and dangers associated with the use of IIoT devices and systems in order to stop the escalation of such incidents. Additionally, this growth necessitates a paradigm change in how cybersecurity risks are perceived, addressed, and controlled. In addition to offering ideas that can be put into practice to lessen the increasing IIoT cybersecurity threat, the article aims to reflect on how the adoption of IIoT devices and systems altered the cybersecurity threat landscape for critical infrastructure. Refocusing attention on the significance of cybersecurity governance, particularly how a developmental or maturity approach could improve cybersecurity resilience at CIs, is one of the strategies that will be advocated.
Digital Literacy and the Challenge for NIST Compliance in Developing Economies
Premankit Sannd, David M. Cook, Menaka L. Godakanda, Efrancia Mobegi, Derani Dissanayake
Abstract: The trend towards increasing digital integration across global systems is limited by significant differences between countries with high technology literacy, and countries that remain digitally nascent. This study examines the critical challenge of implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework in developing economies. While NIST provides a robust and globally recognized model, its successful adoption is often hindered by context-specific barriers. This research argues that digital literacy (DL) is the most fundamental of these barriers, as it underpins other challenges, including resource constraints, inadequate policy frameworks, and limited public-private partnerships (PPPs). Through a comparative case study analysis of South Africa, Kenya, and India, this paper proposes that a successful pathway to compliance requires a contextualized, multi-stakeholder approach that prioritizes grassroots digital skills development and creates frameworks tailored to the needs of small and medium-sized enterprises (SMEs). The paper introduces the SACyber SME Framework as a model, emphasizing that top-down policy adherence must be supported by bottom-up capacity building. This work shows how a complex, technical standard can be translated into an accessible and actionable guide in countries with limited digital literacy.
Privacy by Design for GDPR Compliance Assessment
Nokuthaba Siphambili, Ntomfuthi Ntshangase, Sipho Ngobeni, Daniel Shadung, Rofhiwa Netshiya
Abstract: The General Data Protection Regulation (GDPR), a European data protection law enacted in 2016, focuses on the protection of the data of individuals in the European Union (EU). Incorporating privacy by design (PbD) principles into compliance assessment systems ensures that privacy is prioritized in the design and architecture of systems. This paper followed a systematic literature review that discussed privacy by design principles. It then formulates seven privacy by design principles based on literature analysis. We then highlight a GDPR compliance assessment toolkit (GCAT) and compare the seven PbD principles to the GCAT to show that the GCAT was designed to incorporate privacy by default and privacy by design principles. The observations indicate how privacy by design principles are embedded into the development of the system to enhance trust among users.

Cybersecurity Education, Training, and Human Factors
Frontmatter
Identifying Gaps in the Evaluation of Security Education, Training and Awareness (SETA) Programs: A Systematic Literature Review
Phathutshedzo Mudau, Noluntu Mpekoa, Noluxolo Gcaza
Abstract: Many organisations are dedicated to enhancing their security by investing heavily in Security Education, Training, and Awareness (SETA) programmes to protect their platforms and personnel better. However, measuring the effectiveness of these initiatives remains a considerable challenge. This study presents a systematic literature review conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology to examine how SETA effectiveness is currently assessed and to identify significant gaps in existing approaches. The review reveals that many evaluations still depend on self-reported data, knowledge tests, or participation rates, which offer limited insight into whether secure behaviours are genuinely being adopted or sustained. Moreover, current assessment practices often neglect the impact of emerging threats, such as AI-driven phishing and deepfakes, and seldom consider the long-term behavioural effects of SETA programmes. Although innovative methods employing behavioural metrics, psychological engagement, and mixed-method approaches demonstrate strong potential, they remain underutilised. The findings underscore the necessity for more meaningful, behaviour-oriented, and context-aware evaluation frameworks that mirror real-world security challenges and foster more robust organisational security cultures.
Teaching Cybersecurity Through Practice: Approaches and Insights
Sinovuyo Mzanywa, Lynn Futcher
Abstract: With the rapidly evolving cybersecurity threats, professionals require not only theoretical knowledge but also strong practical, hands-on skills. This systematic literature review investigates eight common hands-on approaches for developing hands-on cybersecurity skills among Information Technology (IT) students. These approaches include Capture the Flag (CTF), serious games, tabletop exercises, honeypots, penetration testing games, cyber ranges, cyber testbeds, and hackathons. The review followed PRISMA guidelines and identified 48 peer-reviewed papers published between 2021 and 2025 from five major databases. A thematic content analysis was conducted to examine educational benefits and limitations. The findings of the identified approaches indicate that they are effective in increasing student engagement, motivation, and skill development. Challenges noted include scalability, institutional barriers, and the need for alignment with academic goals set out by institutions, as well as the demands of industry. This review provides some evidence to support inclusive curriculum design for cybersecurity education and highlights areas for future research on the long-term impact and the inclusion of soft skills.
The Influence of Cybersecurity Fatigue on Students’ Compliance with Cybersecurity Measures
Sinethemba Gomba, Wallace Chigona, Teofelus Tuyeni, Luzuko Tekeni
Abstract: This study investigates the influence of cybersecurity fatigue on university students’ compliance with cybersecurity measures. Cybersecurity fatigue arises from the constant need to comply with numerous security measures, leading to feelings of fatigue and a decrease in motivation to adhere to those very measures intended to maintain cybersecurity. The repetitive nature of security tasks and the constant influx of security advice contribute to this fatigue. Cybersecurity fatigue is a critical concern in modern digital environments, especially within higher education institutions. Using a single case qualitative case study, we conducted semi-structured interviews with 10 students from various faculties both at undergraduate and postgraduate levels. We used thematic analysis in combination with the NVivo software to analyze our qualitative data. Our findings reveal that students, despite understanding the importance of cybersecurity, experience frustrations and annoyance with repetitive security procedures, particularly multi-factor authentication. This often leads to noncompliant behaviors, such as reusing passwords and ignoring updates, ultimately weakening the overall cybersecurity posture. The study emphasizes the urgent need for institutions to recognize and address cybersecurity fatigue by implementing strategies that balance security needs with user experience to foster a secure, yet less burdensome digital environment. Student-driven recommendations to address cybersecurity fatigue in higher education institutions are also discussed.
Beyond Smoke Signals: A Conceptual Model Positioning Burnout and Quiet Quitting in Cybersecurity Professionals
Michael de Jager, Lynn Futcher, Lynette Drevin, Madri Kruger, Kerry-Lynn Thomson
Abstract: Burnout and quiet quitting are increasingly prevalent among cybersecurity professionals, where sustained high demands, resource constraints, and limited recovery opportunities create chronic strain. This paper reframes these outcomes as interconnected processes shaped by the dynamic interplay of job demands, resources, and recovery mechanisms. Drawing on the Job Demands-Resources (JD-R) model, Effort-Recovery (E-R) model, and Exit-Voice-Loyalty-Neglect (EVLN) framework, it proposes a dual-pathway conceptual model that distinguishes between suboptimal and ideal states, mediated by burnout indicators and moderated by organisational and individual factors. The model identifies critical intervention points from workload management and leadership practices to organisational culture emphasising the potential for constructive recovery rather than inevitable withdrawal. Practical considerations include the integration of AI-enabled workload monitoring, predictive analytics, and recovery support systems. As a theory-building contribution, the model synthesises psychosocial and organisational perspectives, offering a diagnostic and strategic tool for sustaining cybersecurity workforce engagement.

Security Architectures, Models, and Authentication Mechanisms
Frontmatter
Multidimensional Review of Cybersecurity Vulnerabilities in E-Government Systems: The Case of South Africa
Thifhindulwi Maxwell Rambau, Willard Munyoka, Letlibe Jacob Phahlamohlaka
Abstract: The digital transformation of public services has positioned e-government systems as vital instruments of modern governance. While enhancing efficiency and accessibility, these platforms are increasingly exposed to complex cyber threats. In developing contexts, such as South Africa, risks are intensified by socio-technical constraints, legacy infrastructure, and fragmented policy environments. This study applies a systematic literature review of 78 sources (2015–2025), complemented by thematic analysis using the Adapted Vulnerability Triad Framework, to categorise vulnerabilities across technical, human, and organisational domains. Findings reveal systemic risks, including outdated infrastructure, susceptibility to social engineering, and fragmented governance, compounded by weak enforcement of laws such as POPIA and the Cybercrimes Act. The study contributes by integrating these vulnerabilities into a multidimensional risk map and a policy–practice gap matrix, providing a novel diagnostic lens for South Africa’s public sector. Building on this synthesis, a phased roadmap is proposed to guide short-term safeguards, medium-term reforms, and long-term resilience strategies aligned with international frameworks. By balancing ambition with institutional realities, the roadmap offers practical guidance for policymakers while advancing scholarly debates on cybersecurity as a socio-technical governance challenge.
Managing Risks and Improving Cyber Resilience – Assessing Mobile Application Security Using a Reference Model
Heloise Pieterse
Abstract: Mobile devices, especially smartphones, have become an integral part of users’ personal and professional lives. Central to the expansive use and prevalence of mobile devices are mobile applications – software developed to enhance the functionality offered by these devices. Mobile applications offer unparalleled support for users, ranging from personal use to work-related activities. However, increased usage of mobile applications can pose serious security risks due to vulnerabilities or faults that may exist within the software. It becomes, therefore, imperative to evaluate mobile applications for security risks before releasing the software for either general or professional use. Such an evaluation of a mobile application is conducted via a security assessment, which aims to determine if a mobile application conforms to specified security requirements. The proper security assessment of a mobile application requires a framework to guide security analysts in applying techniques and approaches to eliminate risks and ensure resilience against attacks. This paper presents a reference model conceptualising the requirements needed to conduct a comprehensive security assessment of mobile applications. The reference model provides an abstraction of the phases, as well as the relationship between the phases, to guide the assessment of mobile application security. The outcome of this paper is a contribution to a commonly accepted domain definition for assessing mobile application security, ensuring that such assessments can be performed consistently and effectively.
Enhancing Digital Wallet Security: A Systematic Comparison of Passwordless and Risk-Based Authentication Approaches
Sthembile Mthethwa, Nomalisa Ndhlovu, Siphelele Myaka, Sthembile Ntshangase, Daniel Shadung, Tanita Singano
Abstract: The dynamic nature of the digital landscape necessitates robust security measures for the use of digital wallets, with authentication being pivotal in ensuring both user safety and system integrity. Traditionally, password-based authentication has been the predominant method employed. However, it is also the primary target for cyber attackers, with numerous successful breaches resulting from compromised credentials. Despite the availability of alternative methods, passwords continue to be the preferred choice. This paper examines various authentication techniques—such as passwordless, behavioral, continuous, and adaptive authentication—emphasizing their respective advantages and disadvantages. Additionally, it discusses the challenges associated with the implementation of these methods and outlines key considerations for organisations prior to adoption. Specifically for digital wallets, passwordless and risk-based authentication methods are identified as the most appropriate. Future research will focus on testing and comparing the effectiveness of these two methods by simulating attacks to determine which provides greater security.
Diagnosability of Attack Trees
Damas Gruska, Aliyu Tanko Ali, Martin Leucker
Abstract: Attack trees which can express both the time and cost of an attack are presented. We then consider a defender who can partially observe the system and thus obtain partial information about the state of the not-yet-completed attack. From this (s)he tries to derive complete information about all actions of the attacker. When this is possible, we call such systems diagnosable. We study a diagnosable system, the relation between diagnosability and the security property called initial state opacity is shown, and in addition, several ways to increase the security of the system are discussed.
Backmatter
- Title: Advancing Innovative Cybersecurity Solutions and Approaches to Protect Digital Ecosystems
- Editors: Jabu Mtsweni, Modimowabarwa Kanyane, Jackie Phahlamohlaka, Willard Munyoka, Kerry-Lynn Thomson, Lynn Futcher, Joey Jansen van Vuuren
- Copyright Year: 2026
- Publisher: Springer Nature Switzerland
- Electronic ISBN: 978-3-032-13075-4
- Print ISBN: 978-3-032-13074-7
- DOI: https://doi.org/10.1007/978-3-032-13075-4
PDF files of this book have been created in accordance with the PDF/UA-1 standard to enhance accessibility, including screen reader support, described non-text content (images, graphs), bookmarks for easy navigation, keyboard-friendly links and forms and searchable, selectable text. We recognize the importance of accessibility, and we welcome queries about accessibility for any of our products. If you have a question or an access need, please get in touch with us at accessibilitysupport@springernature.com.