CYBERSECURITY AWARENESS IN ONLINE EDUCATION: A CASE STUDY ANALYSIS

This study presents to what extent Kyrgyz-Turkish Manas University students are knowledgeable about cybersecurity in the distance education process. The survey was conducted with a sample of 517 students from all faculties of the university at the undergraduate, graduate, and PhD levels. Our research study shows that although huge numbers of cyberattacks are occurring around the world, the students did not have any knowledge about cybersecurity and the effects of cyberattacks overall. An analysis of cybersecurity awareness was undertaken by asking questions focused on malicious software, password security, and social media security. Although we live in an age of technology where our entire lives are indexed to the internet through the distance education process, it has been determined that students have a weak cybersecurity awareness. It has been further concluded that cybersecurity education should be given to prevent the students from becoming a victim of cyberattacks, helping them to use the internet more effectively.


I. INTRODUCTION
With the spread of technology and the penetration of the internet into every aspect of daily life, cybersecurity has begun to be of great importance for both individuals and states alike [1]. Although these innovations have made our lives easier, the increase in cyberattacks has made it necessary to take measures in this area [2, 3 &4]. In addition, one of the most basic points is that the types of cyberattack, in other words the malicious use of cyberspace, have changed in the last 20 years. This has led to the use of new "cyber" concepts and risks in the literature [5].
A cyberattack is defined by Hathaway et.al. as follows: "A cyber-attack consists of any action taken to undermine the functions of a computer network for a political or national security purpose" [6]. The most basic question to ask is 'Does this definition define cyberattacks today?' Today, saying that cyberattacks are carried out only for political purposes is insufficient when it comes to trying to understand the nature of cyberattacks. This is because new cyber concepts have emerged that have changed the nature of cyberattacks. What remains similar is the use of computers in attacks. In this context, cybercrimes are defined as crimes committed through computers [7]. The Department of Justice of the USA defines a cybercrime as "any violations of criminal law that involve knowledge of computer technology for their perpetration, investigation or prosecution" [8].
On the one hand, it is important to explain what cybersecurity is. Although the concept does not have any common definition, the International Telecommunication Union (ITU) defines cyber security as "the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment" [9].
Although there are now more complex structures in cyberattacks and cybersecurity compared to the past, the ability to perform cyberattacks has developed. The capacity to learn through websites that almost every computer user can access has increased. This is especially so the new generation, called the Z generation. They are often completely involved with computer technologies and can easily perform any activity they want by using it [10,11,12,13].
On the other hand, this situation has also led to the emergence of new situations regarding computer technologies, or cyber security awareness as it is called in the literature. Although the Z generation has grown up with the internet and with computer technologies, sometimes they do not know what kind of problems they may encounter or they do not know how to deal with the problems arising from the continual development of internet technologies [14,15].
Cybersecurity awareness, or information security awareness, has become an important issue today. The number of studies on this subject, which affects every aspect of daily life, is increasing. First of all, defining cybersecurity awareness is important to better gain a full understanding of the subject. Shaw et.al. defined the concept as; "the degree of understanding of users about the importance of information security and their responsibilities and acts to exercise sufficient levels of information security control to protect the organization's data and networks" [16]. As can be understood from the definition, the important points are evaluated in two ways. Firstly, it emphasizes the importance and responsibilities to do with information security. Secondly, it is aimed at knowing and applying information security control practices at an adequate level to protect the information.
Hwang et.al. defined information security awareness as a phenomenon that aims to enable users to recognize the security vulnerabilities or problems that may arise and to respond in an appropriate way. Naturally, it also intends to keep the security phenomenon on the internet at the forefront of the user's minds [17]. Khan et.al. made similar points to Hwang. Khan et al. defined information security awareness as the fact that users have information about security and act within the framework of the known rules [18]. Zilka, on the other hand, defines cybersecurity awareness as a phenomenon that aims to increase the level of knowledge about the online applications that users use so then they can stay safe in response to online risks [19]. Within the framework of these definitions, it can be clearly seen that security awareness training should be provided to improve cybersecurity awareness [20].
Within the framework of this information, it will also be questioned what kind of information the students have about cybersecurity awareness during the online education period and whether they want to receive training in this direction. The second aim of this study is to obtain data for use by further studies on how students can increase their cybersecurity awareness based on the theoretical framework findings.

II. LITERATURE REVIEW
Technology has developed rapidly in the last three decades. With the beginning of the millennium, the rate of the use of the internet has also increased and is now more than 50 % [21]. Although people use the internet and technology in their routine, they do not know how to protect themselves from the possible risks associated with technology and the internet. Especially today, given the Covid-19 pandemic, the education process has started to be carried out through the online system of distance education. This situation has also led to the beginning of a new era for students and the creation of activities on cyber awareness. Although the students' use of online education platforms is through programs determined by the universities themselves, students may also be the target of cyber attackers due to services such as the unconscious use of the internet, downloading software from illegal sites, or not updating their software, social media accounts, and internet banking. Today, cyber-attackers send more spam emails, try to manage network traffic, and even access user information by hijacking personal computers with files that they send to individual email accounts [22]. For this reason, it is necessary to engage in cybersecurity awareness studies focused on students [23&24].
Several studies have been conducted to measure the level of cybersecurity awareness among students and academics. For example, Ismailova and Muhametjanova [23] studied the cybercrime risk awareness in the Kyrgyz Republic with 172 participants. The results show that the students were not familiar with cybercrime.
Another survey was done in New Zealand in 2016 to measure cybersecurity awareness among individuals between the ages of 8-21. This was conducted by Trimula, Sarrafzadeh, and Pang. According to the authors, most of the students were not aware of the presence of cyber threats and they did not know the term cybersecurity [25].
Ahmed et.al. examined the cybersecurity awareness of the people of Bangladesh [26]. Their research states that the sample did not have enough information about cybersecurity. The authors made a recommendation that a guide should be prepared so then people can become consciously aware of cybersecurity [26].
The Department of Computer Science at Yobe State University conducted a survey that showed that although the students were aware of cybersecurity, they did not know how to protect the data that they have [27].
Today, social media accounts are very popular among students. Sometimes people can be defrauded and their information stolen through their social media accounts. Kirwan et.al. conducted a study on this subject involving Malaysian students. They investigated whether the sample of students knew about this subject and whether they had been the victim of this type of fraud [28]. The results of their survey showed that more than 30% of students had been a victim of a social networking site scam [28].
Senthilkumar and Sathiskumar surveyed cybersecurity awareness among college students in Tamil Nadu. They found that the students were able to protect themselves from cyber threats [29].
Zwilling et.al. conducted a survey among undergraduate and graduate students. The survey was conducted on students from various countries [1]. The results revealed that internet users are aware of cyber risks and simple precautions are taken by them. The authors claimed that there is a link between cyber awareness and cyber knowledge [1].
Shamsi conducted a study on children. The author, who used a qualitative method in his study, stated that children can be exposed to different cyber risks and that they should learn the associated precautions through cybersecurity awareness programs [30].
Abd Rahim et al. worked on a cyber security awareness program. In this study, the authors used the mixed method research methodology through four main steps: analysis, design, development, and evaluation. Within the framework of the data obtained, it was revealed that the young people had positive reactions to the content of the program. They reported that there were changes in their knowledge and skills regarding the protection of personal data and in the implementation of the desired behaviors [13].
Moallem conducted a quantitative data-based study on students in Silicon Valley, California. This study analyzed the cybersecurity awareness of students in Silicon Valley. As a result, the risks in the cutting-edge technology environment were also analyzed [31]. Within the framework of the data obtained, it was revealed that although the students do not trust the university system, they also do not know how they will protect their data. It is also claimed that universities do not carry out cyber awareness programs for their students.
Ismailova et al. conducted quantitative research on students at two state universities in Kyrgyzstan and Kazakhstan. The main purpose of this study was to compare the student's cybercrime risk awareness. According to the results of the research, the gender and age of the participants in Kazakhstan affected the cybercrime awareness rate. No factors affected the situation in Kyrgyzstan [32].
Most of the studies in the literature have revealed the fact that there is a lack of knowledge about cybersecurity awareness in the younger generation. Some studies have also stated that even if the participants have the knowledge, this is not enough to protect them from cyberattacks. Our study used the online survey method to determine the cyber awareness levels of university students and they asked the questions in a hierarchy from general to specific to measure the knowledge level of students in the field of cybersecurity. First, the students' general computer usage tendencies were revealed, then their knowledge levels on more technical issues specific to cybersecurity were measured. It was aimed to determine how many of the students had a more detailed background in network and computer security issues since more than superficial knowledge is needed to deal with cyber threats. In addition, our study differs from many other studies in that it is carried out as part of an ongoing online education process. Table 1 lists the methods used in similar studies and the results obtained. Detailed information about our research methodology is presented in the next section. It has been revealed that although the students do not trust the university system, they do not know how they will protect their data. It is also claimed that universities do not provide cyber awareness studies for their students.

A. Participants
Although surveys have been conducted on cybersecurity awareness before, it was concluded that the number of participants did not reflect the general profile of the university. The main reason for considering the Kyrgyz-Turkish Manas University in this study was the wide student profile and the education of students from different countries.
The study obtained a sample of students from those attending the Kyrgyz Turkish Manas University. The questionnaire was distributed online because of the Covid-19 pandemic and distance education process. The response rate for the online questionnaire was 9.73%. Thus, the total sample was comprised of 517 students between 17 and 30+ years old. In our sample, 33.5% of the students were male and 66.5% were female. The majority of the participants were undergraduate students totaling 89.6%, and master's degree and PhD students totaling 10.4%.

B. Materials
A questionnaire consisting of a few basic computers and data security questions was administered to the students to measure their level of cybersecurity awareness. The questionnaire consisted of a total of 36 questions distributed across eight sections according to their relevance. There were different questions in each section. Within the framework of cybersecurity awareness, the main aim of the survey was to measure how much information the participants had according to different situations such as malware and password security. In line with this information, the participants were first asked about their level of education, and then they were asked to give information about whether they had a personal computer. In addition, by asking questions about how the students connect to the internet, the situation of both those who have a personal computer and those who do not was analyzed. Questions about general computer knowledge, network, and information security were then asked using five different questions. The main purpose of these questions was to analyze whether the students knew computer hardware, operating systems, and attacks over the network before asking questions about cybersecurity awareness. In the remaining part, the students were asked questions about password security and social media accounts, and the information was analyzed.
While choosing the questions asked in the questionnaire, it was taken into account that not all of the students had a computer science background. Before measuring the level of awareness of an ordinary computer user about the risks of cyberattacks, it is important to determine whether they have basic security knowledge. For this reason, while creating the framework of this survey study, an attempt was made to understand whether the basis of possible unawareness in relation to the field of cybersecurity is a lack of knowledge. Since it is predicted that most of the participants are a population that uses passwords, has social media accounts, and installs various software on their computers, the questions were chosen in this direction. While analyzing the links between the questions, it was aimed to reveal what the factors affecting cybersecurity awareness are and to measure the effect level of the factors are.
The analysis in this study was performed using the SPSS 21.0 program and they were studied at a 95% confidence level. In the analysis, the frequency and percentage values were calculated for the categorical variables. The relationship between the categorical variables was analyzed using the chi-square test.

A. Demographics
According to the survey results, female participants were the majority at 66.5% compared to male participants at 33.5%. Considering the age distribution of the participants, it can be seen that the rate of those aged 17-20 is the highest with 57.8% and the majority of the students participating in the survey are undergraduate students at a rate of 89.6%. Literature, economics and administrative sciences, and engineering students participated in the survey the most at 25.0%, 22.4%, and 21.1%, respectively.
While the rate of those who have a personal computer is 59.4%, the rate of those who connect to the internet with their mobile phone is 78.9%. This is followed by those who connect to the internet using a notebook at 19.9%. This shows that the use of mobile phones by university students is higher than those who use of computers. The distribution of the demographic variables is shown in Table 2 in detail.

B. Cybersecurity Awareness
In this part, various analyses of the cybersecurity awareness of the students are presented. To make an effective evaluation, the questions were asked from general to specific. Since cybersecurity awareness is related in parallel to familiarity with the digital world and the frequency of computer and internet use, first of all, it was desirable to figure out how sufficient the students felt about their computer use. As can be seen in Table 3, the percentage of participants who find themselves to be very good and good at using computers is 16.2% and 39.7%, respectively. Afterwards, an attempt was made to find out whether the students had more specific knowledge about computers. Students, like most ordinary users, may use computers frequently in practical terms but they may not be aware of the features of the operating system they use, the use and functionality of the hardware parts involved, and the details of the network environment that they use to transfer probably thousands of data to almost every day. Learning about this situation is of critical importance to prepare the groundwork for possible training in the future. Looking at the results, the percentage of those who think that they have a good or higher level of knowledge on technical issues such as computer hardware, operating systems, and network systems is 36.0% in total. Most of the participants see themselves as having an average level of knowledge on this subject.
After this stage, the students were asked "cybersecuritybased" questions on cyberattacks, basic network security protocols, and related components. There may be students who are trained in these subjects and therefore have knowledge and there may be students who are personally interested in security. Apart from this, the number of participants who are unaware of these issues may be too high to be underestimated. The analyses undertaken to justify these assumptions have concluded that there is a serious lack of knowledge among the students on securitybased issues.
It can be seen that the number of those who have very good knowledge about attacks made over network systems is less than the average. The rate of those who are aware of "social engineering" and "phishing" attacks is 30.8%.
The rate of those who find their knowledge of HTTPS, secure connection, SSL, TSL concepts very good and good is 2.3% and 10.6%, respectively. This is understandable, considering students' majors.
While the rate of those who think that they have superior knowledge about cyberattacks is relatively low, similarly, the rate of those who follow cyberattack events around the world and in their own countries is less than those who do not. Various analyses were conducted to examine the relationship between the demographics of the participants and their awareness of cybersecurity. An attempt was made to determine whether characteristics such as gender, age, education level, and the department of the students has any effect on cybersecurity awareness. For the cybersecurity awareness assessment, the answers given to the questions were given in a hierarchical order from general to specific. These have been presented in the previous table and were taken as a basis.
The chi-square test results for examining the relationship between cybersecurity awareness and demographics are given in Tables 4 -7. Table 4 shows the relationship between the gender variables and cybersecurity awareness. When the significant results were examined (p<0.05), the level of feeling competent about computer use, the level of knowledge about computer hardware, operating systems, network systems, and the level of knowledge about attacks made over network systems were higher among the male students than among the female students.
Similarly, it was seen that the rate of hearing about "social engineering" and "phishing" attacks, the level of knowledge about HTTPS, secure connection, SSL, and TLS concepts, and the knowledge of cyberattacks were higher in male students.
Considering these results, it can be said that male students are more conscious of cybersecurity. The chi-square test results following the examination of the relationship between age and cybersecurity awareness are given in Table 5.
When the significance of the relationships was evaluated (p<0.05), it was revealed that the sum of the rates of feeling very good and good about computer use is the highest in those aged 26 and over. The sum of the rates decreases as the age decreases.
Similarly, when the level of knowledge about computer hardware, operating systems, network systems and the level of knowledge about attacks made over network systems were examined, it can be seen that while the sum of the rates of feeling very good and good was the highest in those aged 26 and over, the sum of the rates decreases as the age decreases.
These results reveal that there is mostly a direct correlation between age and cybersecurity awareness. As the student age increases, it can be considered reasonable that their cybersecurity awareness has also increased based on their experience and knowledge. However, it should be taken into account that the students' knowledge and the department they studied in may have prepared them with a groundwork, especially for computer and network security. Based on this situation, some analyses were undertaken in an attempt to understand whether the education level and departments of the students affect their cybersecurity awareness.
In Table 6, the results of the chi-square test performed to examine the relationship between education level and cybersecurity awareness are given.
The only significant result was between the level of education and the level of knowledge about the attacks made over network systems (p<0.05). The results show that the graduate students have more knowledge about network attacks than undergraduate students. The results of the chi-square test conducted to examine the relationship between the students' majors and cybersecurity awareness are given in Table 7.
When considering the significance of the relationship (p<0.05), the highest percentage of students who were the best at using computers and had a high level of knowledge about computer hardware, operating systems, and network systems were found in the Engineering faculty. The lowest rate was found in the Veterinary faculty.
When the relationship between the students' major and their knowledge of the concepts of HTTPS, secure connection, SSL and TLS was examined, it was seen that the students from the Faculty of Engineering were at the top in terms of considering themselves competent in total, whereas the students from the Faculty of Theology were at the bottom.
Since this section asks questions on specific topics related to network security, it is not surprising that the Science and Engineering students indicate that they are more proficient in the subject. It is possible that this rate has increased especially since the Computer Engineering students have taken courses related to these subjects during their education. However, considering all of the phases of the study, it has been revealed that there are other factors affecting cybersecurity awareness.  The relationship between the use of technological tools and cybersecurity awareness is illustrated in Tables 8-9. There is a significant relationship between the method of connecting to the internet and the level of feeling competent about computer use. This is as well as the level of knowledge about computer hardware, operating systems, and network systems (p<0.05). When the results were examined, those who connect to the internet using a notebook find themselves more competent in these matters.
Those who connect to the internet through their notebooks seem to be ahead compared to those who use other methods in terms of their level of knowledge about the attacks made over network systems, their hearing about "social engineering" and "phishing" attacks, and their level of knowledge about the HTTPS, secure connection, SSL, and TLS concepts.
Similarly, when the results were examined in terms of the level of knowledge about cyberattacks and their following of cyberattacks around the world, it can be seen that the rates are higher for those who connect to the internet via a notebook ( Table 8).
Considering that most of the participants are from the Z generation, it is thought that their mobile phone use is more intense than their computer use. This situation is likely to have an effect on the statistical analysis results to come out in this direction. As shown in Table 9, the rate of students who have personal computers who feel competent about their computer use and who have knowledge about attacks made over network systems is higher than that among the other students. Likewise, having a personal computer increases the likelihood of hearing about attacks such as "social engineering" and "phishing". The reason why students who own personal computers are more cyber-aware than other students may be that they spend more time on their computer. It is also possible that they are more knowledgeable about malware as they probably install antivirus-like software on their personal computers upon purchase. On the other hand, security measures can often be ignored on computers that are in common use. Most of the time, people who use computers that are common use do not care if a precaution is taken to protect them from malicious software as they will only use them for a short time.

C. Security Vulnerabilities and Cyber Threats
In this part, the analyses related to security vulnerabilities and cyber-attacks are presented. Whether the participants have been subjected to any form of cyberattack and whether they have faced the risk of a security vulnerability has been examined. Looking at the results, the rate of those who have encountered a situation such as having their password stolen or their account hacked in an online system is 23.0% ( Figure 1).

FIGURE 1: Rate of exposure to cyberattacks
To determine whether there is a relationship between connecting to the internet via phone or notebook and the possibility of being exposed to cyber threats, an analysis was conducted. As shown in Table 10, there was found to be no significant relationship between the method of connecting to the Internet and the fact that the passwords were stolen from online systems or the account hacked (p>0,05).
Interestingly, it was observed that the majority of students who were exposed to cyber-attacks such as password stealing or account hacking in online systems were students who followed cyberattacks in the news (Table 10). This is probably because the students are not aware of the concept of cyber threat or they are not aware of it when they encounter such an attack. Have you ever encountered a situation such as stealing your password or hacking your account in online systems?
Mobile Phone Notebook

D. Cybersecurity Knowledge
Information obtained on cybersecurity plays an important role in increasing cybersecurity awareness. For this reason, in this part, various analyses about the cybersecurity knowledge of the students are presented. As can be seen in Table 11 and Figure 2, the rate of participants who have heard of "social engineering" and "phishing" attacks is 30.8%. The rate of those who have a good or higher level of knowledge about the HTTPS, secure connection, SSL, and TLS concepts is 12.9% in total. According to the results, the number of participants who have never heard of the concepts of "social engineering" and "phishing" is more than twice that of those who have.

FIGURE 2: Knowledge of HTTPS, secure connection, SSL, and TLS concepts
The results of the chi-square test conducted to examine the relationship between the awareness of "social engineering" and "phishing" attacks and having knowledge about computer and network security issues are given in Table 12.
When the results were examined, the rate of being aware of cyberattacks was found to be the highest in those who feel very good about computer use, whereas the rate of awareness decreases as the computer use competence decreases.
Similarly, as the level of knowledge on computer hardware, operating systems, network systems, and network attacks increases, the awareness of attacks also increases.
As can be seen from the results, it is normal that having knowledge about the concepts related to computer and network security increases the level of awareness of cyber-attacks. This situation shows that possible cybersecurity training organized for students will be beneficial when it comes to developing their cybersecurity awareness. Additional analyses were needed to understand whether the current level of knowledge of the participants is sufficient for cybersecurity awareness. This is because sometimes the fact that participants state that they are "informed" may not mean that they are actually knowledgeable. For this reason, the results of the analysis where questions were asked about specific concepts related to network security may allow for a more accurate inference.
The results of the chi-square test are given below to help analyze whether the students who feel competent about computer use and network knowledge know about concepts such as HTTPS, secure connections, SSL, and TLS (Table  13).
When the results were examined, 11.9% felt very good about computer use, 25.0% felt that their knowledge of computer hardware, operating systems, and network systems was decent, and 34.6% of those who felt very good about attacks over network systems had a very good knowledge of HTTPS, secure connections, SSL, and TLS as concepts.  Communication tools such as social media sites, news sources on the internet, and television often provide information about cyberattacks and the necessity of precautions being taken. An analysis has been undertaken to look into whether these environments have an effect on the development of cybersecurity awareness. The results show that there is a significant relationship between the students' status of following the cyberattacks in their own country and the world and their knowledge level about cyberattacks (p<0.05). When the results were examined, 76.9% of those who felt that their level of knowledge about cyberattacks was very good followed cyberattack developments through various media tools (Table 14). When the students' awareness of "social engineering" and "phishing" attacks was examined, 84.6% of the students who claimed that their knowledge level about cyberattacks was very good stated that they knew about "social engineering" and "phishing" attacks. However, as can be seen in Table 15, only 38.5% of the students who thought that they have a very good level of knowledge about cyber threats and attacks had a very good knowledge of the HTTPS, secure connections, SSL, and TLS concepts.
This situation not only shows that the majority of the participants have a lack of knowledge about network security concepts but it also reveals the fact that the participants thought that they had an efficient level of cyber awareness even though they have relatively superficial information. In this case, it can be concluded that cybersecurity education including technical details is necessary for the students.

E. Cybersecurity Training
The analysis up to this stage has revealed that the participants mostly need to receive proper cybersecurity training. There is a need for a quantitative analysis looking into whether the students have received any cybersecurity training before, regardless of the quality of the training. For this reason, in this part, some of the analyses related to the cybersecurity training of the participants are presented. The rate of those who have never received cybersecurity awareness training is 76.8% and the ratio of those who have not received training before and who want to receive this training is 90.7% (Table 16). Considering the distribution across the faculties and the willingness to receive cybersecurity training (p>0.05), no particular faculty came to the fore as shown in Table 17. This shows that regardless of the faculty, the majority of students want to receive cybersecurity education. When the chi-square analysis on the effect of having cybersecurity training on computer and network knowledge was examined, the following results were obtained. It was observed that the students who had previously received cybersecurity awareness training felt much better about their computer use. Similarly, the results showed that the level of knowledge about computer hardware, operating systems, network systems, and cyberattacks was higher in those who had received such an education. Most of the students who had heard of attacks such as social engineering and phishing, and who have a high level of knowledge about the concepts of HTTPS, secure connection, SSL, and TSL, were also educated (Table 18).
It is obvious that the students who receive an education have more advantages in terms of their cybersecurity awareness compared to the students who do not receive such an education. However, the quality of the education given to the students is important as it is a necessity. Hightech training that includes the key points of network security will likely yield better results. This is because without knowing the working mechanisms behind cyberattacks or having sufficient knowledge about security vulnerabilities, it will not be possible to understand the importance of the precautions to be taken.

F. Awareness of Cybercrimes and Laws
It is important to be aware of the legal dimension of cybercrimes as well as the necessity of being knowledgeable about the technical details of cybersecurity. Knowing that attempting to violate the privacy of personal information through cyberattacks is a crime and that there are sanctions will allow people to act more carefully in this regard.
In this part, some of the analyses related to the awareness of cybercrimes and laws is presented. The rate of those who know that cyberattacks and trying to obtain the personal information of others through hacking are crimes and involve legal sanctions is 78.3%. The rate of those who know about the international agreements and conventions related to cybercrime is 25.7%, and the rate of those who have previously encountered someone who is on trial for cybercrime is 6.4% (Table 19). The results of the chi-square test conducted to examine the relationship between the students' faculties and the state of knowing that cyber-attacks are a crime and have legal sanctions were evaluated. The awareness level of the students in the faculty of communication was the highest. The students of the faculty of fine arts had the lowest awareness level (Table 20).
The fact that the communication faculty students have some law courses in their curriculum may be the reason for this situation. In addition, if cybersecurity is given as an elective course to all students regardless of their faculty, their awareness is likely to increase. As shown in Table 21, there is a non-significant relationship between the knowledge of international agreements and conventions related to cybercrime and the students' faculty (p>,05).

V. CONCLUSION AND FUTURE DIRECTIONS
When the results of the survey conducted involving Kyrgyz Turkish Manas University students were examined, it could be seen that the majority of the students did not have sufficient knowledge about internet use and cyber threats. At the same time, they were found to lack technical knowledge of many issues including whether the websites they visit have security certificates or whether their information can be stolen by a hacker through deception. Since cyber threats affect people from all educational backgrounds, it would not be appropriate to provide this information only in the departments that provide technical education. The results of this study also show that the students who received cybersecurity education were more competent in terms of computer use and basic network security subjects. Almost all of the students who did not receive the education were eager for the same education. The study revealed that taking this education would be beneficial to the students to help them use the internet more securely. Cybersecurity awareness training can not only teach the students to be prepared for possible cyber threats but also inform them about the legal dimension of cybercrime.
The awareness levels can be re-measured after basic cybersecurity training is given to the students as a pilot application in future studies. Cyber skills can be tested through hands-on activities where the effects of the training can be explored. The same study can also be repeated with different demographics, for example, with students from a different country. In this way, it can be understood whether the lack of cybersecurity awareness is a regional or local problem. Apart from this, future studies may offer possible solutions by measuring the proficiency of the students or a different demographics in specific areas such as social media, password security, and malware.
This study, in its current form, has some limitations as it only measures the cybersecurity awareness of the students from a certain university based on a questionnaire. This study can be re-evaluated by adding other methods such as interviews and assessment/evaluation exams. More qualitative and quantitative results will be useful to increase the reliability of the study. After adding new methods, the framework of the study can also be visualized to increase its readability and coherence.

Ethical Statement
This study was approved by the Faculty of Economics and Management of Kyrgyz Turkish Manas University document number R.30.2021/IBF-1745. (03/02/2021).

Conflict of Interest
The authors declared there to be no conflict of interest.