Antimalware Day 2019: Building a culture of cybersecurity awareness – 10 minute mail

The introduction to a series of articles marking this year’s Antimalware Day and highlighting the importance of cyber-readiness

First off, why Antimalware Day? How did it come to be? A brief trip into recent history will help answer these questions. On this very day 36 years ago, Fred Cohen, then a graduate student, created a proof-of-concept computer program that was capable of spreading to all users of the system and obtaining control of its data and privileges. Professor Leonard Adleman, who was Cohen’s Ph.D. advisor, decided to call that code ”computer virus”. As part of their work, Cohen wrote a paper in 1984 that became the first research paper to use the term “computer virus”.

Fast forward to 2017 and ESET declares November 3 as Antimalware Day in order to recognize the work of the two computer scientists, who laid the groundwork for research into computer threats.

But let’s go back to the present and, indeed, near future. In our technology-driven, always-on world, nobody can afford to overlook the importance of cybersecurity. With that in mind, in order to mark this year’s Antimalware Day, we’ll publish a series of articles in November that will share the same recurring theme – cybersecurity education and awareness.

Firstly, we’ll suggest a few practical steps that organizations can take to help ensure that their employees are cyber-ready. After all, it is well documented that many breaches are enabled by human error, indeed a worrying find.

Also this month, we will interview cybersecurity experts to hear what they have to say about the availability of training and certification for people interested in pursuing a career in information security.

Yet another article will bring up questions such as, ‘should computer security be a compulsory subject in schools?’ and ‘how cyber-prepared (or not) is our society?’.

Lastly, we will direct our focus at senior citizens, who didn’t grow up with the technologies we can’t live without today. How can the elderly be made more cyber-aware? How can their children and grandchildren help them stay safe and secure in the digital age? For answers to these and many more questions, check out our upcoming series of articles celebrating Antimalware Day.

We hope this date will help reinforce the importance of antimalware in a world where computers can now fit into our hands. Today is a day that we invite you to become part of this initiative and help spread its message.

Happy Antimalware Day!



Tomáš Foltýn


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Five ways to strengthen employee cybersecurity awareness – 10 minute mail

How can organizations foster a workplace environment that enables employees to acquire the skills needed to keep cyber-threats at bay?

Since human error has a well-documented history of causing many breaches, no organization can afford to overlook the importance of ensuring that its employees are aware of online dangers. This is mainly why the first installment in our series of articles to mark this year’s Antimalware Day will outline five ideas for creating a culture that inspires staff to stay on their toes and with cybersecurity top of mind.

Establish an email address for queries

Creating an email account where employees can send their questions on any and all things cybersecurity provides for a good start and has multiple benefits. For one thing, the designated email account can encourage employees to come forward and ask questions that they might not otherwise ask. Employers can also ask their staff to forward suspicious-looking emails to the address for review, which can help the employees become more astute at recognizing fraudulent email messages. That said, make sure that the mailbox can only be accessed by very well (and specifically) trained staff. The messages can also be used for organizing training sessions that will benefit the other employees and the company as a whole.

Set up an early warning system

To counter malicious spam campaigns, it’s worth considering establishing a dynamic and proactive early warning procedure that allows for alerting the entire company and keeping all employees informed that a malicious campaign is circulating. This can cut the risk that an unsuspecting employee will fall for the trap, putting organizational, employee and customer data in danger. Additionally, the system serves to reinforce awareness of some of the main cybersecurity threats and common techniques used by cybercriminals, even where they leveraged some tried-and-tested methods. Lastly, the procedure may enable security staff to analyze the campaign’s features.

Organize talks and trainings

Talks with experts, be they employees of the same organizations or guest speakers, can also go a long way towards educating staff on various aspects of information security. Since organizations typically employ professionals from various fields, it may be advisable to set up separate talks that target the abilities, interests and experience of various groups of people. A picture is worth a thousand words, so you can’t go wrong with using any kind of visual material that makes the session more engaging.

Run contests

Everybody loves to compete – and win, right? Employee contests are a fun way to help instill robust cybersecurity habits. For instance, materials from trainings or talks can be leveraged for quizzes that will not only reward the winners, but will also provide your organization with better insight into just how cyber-aware the employees are. You can also organize a bespoke social engineering simulation to find out how easy it would be for threat actors to penetrate your company’s defenses by targeting the human factor. The results can also be used to determine which aspects of cybersecurity should receive more attention in future training sessions.

Draft a good practice guide

Draft a document that details the most efficient ways to help the company and its employees ward off cyberattacks. Such guidelines may include, for example, information about how to configure devices securely, how to encrypt information, how to set up two-factor authentication factor on various services. It’s also important to make sure that the guides are easy to read, contain only the necessary information, can be easily accessed by any employee, and are kept up-to-date.

Bonus idea

Lastly, here’s a suggestion to help retain all that information. Leave quick messages or notes that are intended to teach employees about good cyber-hygiene in places where they would never expect to find them – office restrooms, kitchens, and elevators. Finding such a message in an unusual place can actually boost learning and enable the employees to recall the lessons learned when it matters the most, such as when they’re targeted by phishing attacks.



Juan Manuel Harán


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Getting into cybersecurity: Self‑taught vs. university‑educated? – 10 minute mail

Are you considering a career in cybersecurity? What learning path(s) should you take? Does formal education matter? ESET experts share their insights.

With cyberthreats on the rise, cybersecurity professionals are, unsurprisingly, a hot commodity. According to a recent study by Cybersecurity Ventures, there will be 350% growth in open cybersecurity positions from 2013 to 2021 and it is estimated that, due to the talent crunch, there will be 3.5 million job openings in the industry by 2021.

With that in mind, one of our articles to mark this year’s Antimalware Day features insights from several ESET security researchers. We asked them a series of questions to learn how they built their expertise and to gather their thoughts about the usefulness of formal education versus self-study for becoming a security practitioner.

Learn all by yourself?

While more and more colleges and universities worldwide offer degree programs in computer security, far from all academic institutions have launched such programs. Indeed, many experts in the field are self-taught and/or have acquired their skills through various non-academic courses and certifications.

ESET Distinguished Researcher Aryeh Goretsky, who embarked on a career in IT security in the late 1980s, notes that back then there weren’t actually any courses or certifications specifically focused on computer security.

“Computer security was taught, but it was largely in terms of models for access control, and I think tended to focus more on the concept of securing multiple-user computer systems and users’ access to them being seen as more of an atomic model than as bits and pieces of a larger, more globally-interconnected system. So, the people who were interested in the concept of cybersecurity, of how disparate computers and networks might behave towards each other, kind of had to self-teach. Some of that might come from reading standard computer science and engineering and reference tomes, and learning about computer and network operations, but some of that knowledge came from… shall we say, unofficial and very hands-on experimentation,” he explains.

This is echoed by Marc-Etienne M.Léveillé, a malware researcher at ESET’s lab in Canada who studied software development and computer engineering. “The things I have learned in college or university aren’t directly relevant for my position as a security researcher. I had to learn about many aspects of security on my own,” he says.

This is no doubt also the case with many other experts. There are a multitude of online learning resources these days, including countless massive open online courses (MOOCs) for people with various levels of skills and experience. Also, social networks, notably Twitter, and many other online services, including YouTube, offer great opportunities for people keen to exchange knowledge and experience, ultimately enabling them to learn from one another.

“It is true that the technology and security community is growing and many people are happy to share their knowledge, which allows newcomers to get support from established professionals,” says ESET Brazil researcher Daniel Cunha Barbosa. “While self-learning is a possible path and it is how many experts in the industry received their training, it is not the only option,” he adds.

Indeed, while security professionals need to continue to learn on their own and sharpen their skills almost daily, many will agree that there’s an undeniable value in academic training.

“If I had to do it again, I’d still choose to go through college and university. Both gave me the opportunity to meet people and participate in extra-curricular activities such as competitions and security conferences that I enjoyed so much. Some schools also offer internships, which also helps getting started in the field,” says Léveillé.

Formal cybersecurity programs

As online threats have increased dramatically, says Goretsky, so has the desire to standardize the pedagogical aspects of those who would learn to practice cybersecurity.

“I think that overall it is a positive thing that the wide range of cybersecurity education at all levels – not just university – is out there, but I also worry about its quality. We need theorists as much as we need operationalists, and we need those people to be well versed in the building blocks of very complex and complicated systems. A lot of that can be learned, but there’s still a considerable need for being autodidacts who can take what they are learning and build complex structures and ideas with that learning. Do the postgraduate courses and certifications allow people to expand on what they learned in university, or was what they were taught too limited or brittle a framework for them to provide a solid foundation for cybersecurity concepts? I don’t know,” he adds.

Cunha Barbosa adds that “the fact that there are specialization and postgraduate programs on top of degrees is itself a positive thing, since having a degree that gives the future expert broader educational foundations will allow them to learn about aspects of technology that go beyond security and will ultimately help them become better prepared for the challenges”.

In Canada, says Léveillé, colleges and universities are now offering an increasing number of information security programs. “There are now degrees with specialization in computer security. Before, the only option was to do software development or computer networking. Cybersecurity experts need both, with a different approach,” he said, before adding: “There is still a growing need in our industry that we must fill. With the effort from the educational programs, perhaps we will see a more stable situation in a few years.”

A lack of cybersecurity career awareness

Young people often have a hard time deciding what career path to follow, and many finish high school without having a clear idea about what they want to do next. Cybersecurity is often not on the radar of young people because many of them lack enough information about this – arguably less traditional – career path in the first place. Perhaps more important: their assumptions of what a career in cybersecurity actually involves may be very inaccurate.

“The trope or image of the disaffected youth being a hacker and attacking computers (or ‘conducting offensive cyber-operations’) and gaining fame and fortune or ‘full-spectrum information dominance’ is appealing to youth but what’s lacking is a realization that there is much, much more to cybersecurity as well,” says Goretsky.

That said, there is a sense that the general interest in pursuing a career in computer security has been trending higher in recent years, which may ultimately also help remove some of the common misconceptions.

“I see a lot more students interested in computer security than when I was a student myself. Before, it was something you’d have to be interested in on your own. Now there are enterprises and schools that encourage more students to enter the field. I think there’s a growing demand from the industry, perhaps due to the increase in attacks,” says Léveillé.

Turning briefly to the importance of incorporating security from the onset of software development, we asked Léveillé if he thinks that college and university curricula give students enough opportunities to learn security-by-design principles.

“I think that, nowadays, secure development is pretty well taught. However, the problem is that developers need the incentive to apply what they learn. Insecure code should be caught during code review and blocked from being included in the project. If developers see that their code is repeatedly rejected for security reasons, they will pay extra attention and will develop the right ‘reflexes’,” he said.

Conclusion

Given the growing range and constant evolution of threats, there’s clearly an urgent need to train and educate the next generation of IT security professionals and help plug the industry’s talent gap. Options and opportunities abound; at the end of the day, the future is bright for people looking to build a career in cybersecurity.



Juan Manuel Harán


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Should cybersecurity be taught in schools? – 10 minute mail

Experts weigh in on whether schools should teach kids the skills they need to safely reap the benefits of the online world

With education being one of the key factors in everyone’s life, the education system of any country seeks to provide children not only with elementary competencies, but also equip them with at least some of the skills that they’ll need to successfully navigate their daily lives. In our technology-infused era, then, there’s a strong argument for including also basic cybersecurity skills among the kinds of skills that help people thrive in life.

Besides parents, schools, too, clearly have a role to play here. Hence, this installment in our series of articles marking this year’s Antimalware Day will attempt to answer several questions that revolve around the importance of cybersecurity education in the classroom. In so doing, we will also rely on input from several organizations, mainly from Latin America, that have an active role in educating future generations.

Do children and young people finish primary and secondary education with sufficient skills to stay safe online?

It is safe to say that young people are too often unaware of the risks that excessive sharing of photos and posting sensitive information on social media involves, nor do they associate such habits with problems that may ensue, such as grooming, sexting, cyberbullying, and phishing. After all, this is confirmed by findings gathered in a project called “Promoting information security in the school environment” (only available in Spanish) and prepared by the National University of Córdoba, Argentina. As the project’s creators explain, the proliferation of such poor cyber-habits has created the need for parents and educational institutions to actively seek information about privacy and security, notably about various aspects of data protection, cryptography, and prevention from identity and information theft and web-based cyberattacks.

Meanwhile, the Computer Emergency Response Team of the National Autonomous University of Mexico (UNAM-CERT) echoes the view in that children and teens don’t have sufficient cybersecurity skills when they complete primary and secondary education. While computing classes do sometimes include aspects of good cyber-hygiene practices, online behavior isn’t thoroughly addressed. “Just as children are taught about earthquake prevention, they should be educated about the responsible use of information technologies,” said UNAM-CERT.

According to Argentina Cibersegura, an NGO that carries out security awareness projects in Argentina, the poor cyber-hygiene skills of young people are due to several reasons. They include the fact that every school gets to decide whether or not it will include cybersecurity basics in its curricula and that teachers themselves are often unable to teach digital skills and specifically cybersecurity.

The United Kingdom, for one, has unveiled new statutory guidance that, among other things, imposes the obligation on elementary schools to implement cybersecurity education into their curricula as of 2020. To aid the process, the schools can even rely on detailed guidelines that should help them prepare pupils for the modern challenges of the online world.

That said, many experts note that curricular changes are unlikely to be enough. “[W]hilst the forthcoming changes to the curriculum are to be welcomed – they need to be funded appropriately – with the right level of teacher training. Unless something changes to provide funding and training, perhaps as part of the election campaign, it’s hard to see how these changes on their own will be sufficient,” Claire Levens, Policy Director of the NGO Internet Matters, told WLS.

Is there enough awareness about the importance of cybersecurity education?

It’s common for people to deal with a problem only when it ‘hits close to home’. As a result, according to UNAM-CERT, many people use technology without giving much thought to the risks of having their personal information stolen until they themselves or their relatives become the victims of cybercrime.

“Information security is often seen as merely a cost, rather than an investment. This results in the failure to allocate resources towards cyber-preparedness, even though investing in education, for example, could bring savings thanks to avoiding cyberattacks and their impacts,” said UNAM-CERT.

Additionally, teaching kids about cybersecurity from an early age could actually help many of them discover this dynamic field and ultimately contribute to closing the talent gap that plagues the industry.

Should cybersecurity education be part of formal education?

Spain, for one, has also considered the idea of adopting official guidelines to ensure that children are taught about online risk and safety behaviors from an early age. Beside adapting Spain’s law to the European Union’s General Data Protection Regulation (GDPR), the country’s Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights also contains a section on the need for increasing the role of cybersecurity education in school curricula. By extension, the section stipulates that the education system guarantees the opportunity for all children to learn to use technology in a responsible and respectful way, as well as in a manner that protects their personal data.

Drawing on this example, Argentina Cibersegura believes that cybersecurity education should be a mandatory part of curricula, not least because “the purpose of schools is to educate citizens – and digital technology cannot be left behind”.

UNAM-CERT echoes this view, noting that cybersecurity education must be compulsory in primary- and secondary education because we live in a digital world and it’s important to ensure that pupils and students can protect themselves by understanding how technologies work and what kinds of risks they involve”.

Are teachers prepared?

Although many teachers may be well-versed in modern technology and may have integrated, for example, collaborative and other tools into their classes, this doesn’t mean that they’re prepared to provide guidance on safe cybersecurity habits.

Indeed, when asked about whether teachers are prepared to teach kids about cybersecurity, Levens of Internet Matters had this to say: “Not at all. We should also be mindful that schools are being asked to do so many things and online safety and security will only ever be a low priority.”

There’s not much cause for optimism in Latin American countries, either. A recent study (available in Spanish) by Mexico’s National Association of Universities and Higher Education Institutions (ANUIES) found that only 51% of third-level education institutions provide training on good cyber-hygiene to their personnel.

In Argentina, the sentiments are similar. “We work with teachers on a regular basis, and neither the education system nor teachers themselves are equipped to deal with this challenge,” said Argentina Cibersegura. “While more and more teachers attend talks offered by Argentina Cibersegura to learn about online dangers, they don’t feel comfortable addressing the issues in the classroom. Everybody believes that this should be done by computer science teachers – a role that most schools don’t even have,” said the NGO.

To wrap it up, there are actually examples of initiatives – the Cybersecurity Education Training Assistance Program run by the US Department of Homeland Security – that are aimed at equipping teachers with the skills they’ll need to teach cybersecurity in the classroom. While much remains to be done to deliver enough knowledge to pupils and students about safe online practices, there is indeed a sense that the importance of cybersecurity education is receiving ever more attention.

Teachers, but not only them, may also want to refer to our recent article that summed up free cybersecurity training and awareness programs for educators.

To learn more about more dangers faced by children online as well as about how technology can help, head over to https://saferkidsonline.eset.com.



Juan Manuel Harán


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

5 scam prevention tips for seniors – 10 minute mail

How can people who didn’t grow up with technology protect themselves against some of the most common types of online fraud?

The conventional thinking is that aging people tend to be at a higher risk of falling prey to scam artists than their children or grandchildren. Regardless of whether this is true or not, older people in the United States alone are swindled out of some US$3 billion a year via all manner of schemes, including internet-enabled theft, fraud, and exploitation. Moreover, any such statistics are likely to represent only a fraction of the actual damage, since many victims are too embarrassed to come forward and admit that they had been taken in by scammers.

What makes many older people vulnerable to online fraud, anyway? Among other things, fraudsters may exploit their trusting nature and, in some cases, deteriorating cognitive abilities caused by aging. Needless to say, the con artists may leverage the fact that the intended victims didn’t grow up with technology and never took even the most basic cybersecurity training. Partly with that in mind, this year’s series of articles marking Antimalware Day will conclude with a few tips that can help (not only) the elderly stay safe from common types of online scams.

Be skeptical

Never assume that a stranger online is a trustworthy person. Indeed, you would be well-advised to always consider the possibility that the unexpected message may be a scam attempt. By extension, you should exercise caution even if the message comes (or seems to come) from someone you do know, and this applies equally to messages delivered via email, instant messaging apps or social media. Watch out for anything unusual about the message or sender; it could be a bad guy who has hijacked your friend’s online account and uses it to blast out malicious spam. If in doubt, throw it out!

Don’t click

A phishing attack, which is one of the most pervasive online cons, typically begins with an unsolicited email or social media message in which the fraudster impersonates a trusted entity and, using social engineering techniques, attempts to persuade you to hand over your sensitive data, such as credit card details or login credentials. Many con artists have diversified far beyond misspelled and purely text-based phishing messages, building entire lookalike websites and Facebook pages as lures for campaigns. You should never automatically assume that any material received out of the blue – no matter how official it looks – is authentic. Be wary of clicking on links or open attachments in emails even if the message appears to be from a known, trusted source.

Say no to ‘freebies’

Similarly, fraudsters may also send you an email to congratulate you on your ‘win’ in a lottery or sweepstake you never entered in the first place. Nevertheless, in order for your ‘prize’ to be released, they will ask for your personal details and/or request a payment upfront in a kind of ‘advance-fee scam’. Typically, the missive will instill a sense of urgency, asking you to respond promptly or risk missing out. Remember that legitimate lotteries never require winners to pay fees to collect their winnings.

Never wire money to strangers

Confidence/romance fraud, where the victim is tricked into sending money or personal information to the false admirer, was the second costliest type of online fraud to hit people of all ages in 2018, causing aggregate losses worth US$362 million. Worse, the FBI’s latest Internet Crime Report also found that almost one-third of romance scam victims are estimated to have been used as money mules, which made them unsuspecting crime accomplices. Romance scams have for years been high on the list of the most common scams against seniors, which may not be surprising in the sense that loneliness is one of the most common issues many seniors face.

Hang up

In tech support fraud, con artists will often seek to convince you that your computer has been compromised by malware and that you need to provide them with remote access to your device so they can fix the issue. Of course, the pretext is fake, but the ensuing damage – the loss of personal information and money – is very real. You should never provide a stranger with remote access to your computer, even if they claim to represent a reputable vendor.

Bonus tip

The last tip is mainly intended for the younger of us: Let’s keep an open dialogue with our parents and grandparents and explain the basic cybersecurity practices to them in a relatable manner. On top of acquiring a better understanding of the dangers of the online world, many of them will feel more engaged and less lonely, which may ultimately help them stay safer online.



Tomáš Foltýn


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.