From Reactive to Resilient: An OpenCTI-Driven Cyber Threat Intelligence Framework for Academic Institutions

The education sector; spanning universities, colleges, and research institutions, has increasingly become a prime target for cyber adversaries. Its open network environments, large and diverse user populations, and valuable intellectual property present a unique and challenging security landscape. Traditional reactive cybersecurity measures are often insufficient against the sophistication and persistence of modern threats. This paper introduces a proactive cyber threat intelligence (CTI) framework tailored specifically for the academic environment. Leveraging the open-source OpenCTI platform and integrating it with external intelligence sources such as AlienVault Open Threat Exchange (OTX), the proposed framework enables automated ingestion, enrichment, and analysis of threat data. By mapping this intelligence to the MITRE ATT key considerations for resource-constrained academic environments. The findings demonstrate how structured intelligence, when operationalized effectively, can help institutions detect threats earlier, reduce risk exposure, and protect both institutional integrity and national research assets. This work contributes a practical, scalable, and actionable model for improving cybersecurity resilience in the education sector, with broader applicability to other open, collaborative environments facing similar challenges.