Tallinn, 16 May 2017

One of the leading Estonian technology portals www.geenius.ee reviewed CybExer CyberHygene e-learning platform and they only had positive things to say. Below is the full translation of the article by Hans Lõugas (Geenius.ee).

Computer security starts with people, and an Estonian company has devised a unique test for measuring it

by Hans Lõugas

During the presidential election of 2016, a press photographer captured Siim Kallas reading an important message on his phone. The test measuring the security of one’s computer and telephone use features similar cases, too, and educates users about screen privacy filters, for example. Photo: PM/Scanpix

  • The test puts people in real-life situations and measures how likely their behavior would be to result in hacking, data theft or other type of attack.
  • Thousands Estonian government officials will start taking the test this week.

While stories about cyberattacks fill our news reports day in and day out, in addition to technicalities, it is human behavior that is behind all of these. One Estonian company has created a one-of-a-kind test, which shows the person’s level of risk of falling victim to cyber threats. This week, thousands Estonian government officials are to start taking the test for self-evaluation; moreover, within rather a short period, the company has managed to find clients in other countries.

Cyber hygiene: elementary principles of computer use

When you are on a bus and you are reading work e-mails, should you be concerned with whether another passenger can see your smartphone screen?

And if you bring a memory stick with one participant’s ‘good offers’ from a trade fair, will you stick it into you work computer right away?

Or what if you receive a surprise e-mail from someone you know with an Excel file attached, but, before you can see its content, you are required to ‘run macros’?

Nowadays such questions have become quite a pain in the neck because there is often a very thin line between threat and security in the digital world. However, now there is a unique test developed by an Estonian company for enhancing cyber security, and tens of thousands of people will have taken in in just a couple of months.

Janek Gridin, member of the board of CybExer Technologies (an Estonian enterprise promoting cyber hygiene), elaborates on how exactly computer security starts and ends with the user. If an individual takes one wrong step, expensive equipment and software that are supposed to ensure security will be of no use. People with good cyber hygiene, on the other hand, majorly contribute to decreasing a variety of risks, including identity theft and crypto-ransomware, fishing and financial scams.

This is what CybExer has developed its unique cyber hygiene test for. “It’s not a pass/fail test but rather a quiz that discloses the test-takers strengths and weaknesses. It gives scores to help people understand what they are good and not so good at,” Gridin explains.

After taking the test, one will see a ‘virtual radar’ image showing the levels of risk in different dimensions. Photo: screenshot

The idea of this product did not exactly come out of the blue. “Certificate number 000 should be issued to our Ministry of Defense,” Gridin notes. “It was them who came to us three years ago saying that we somehow need to find a way to protect our people.” At the beginning of the year, CybExer started marketing the test to others as well, and saying that it has attracted considerable interest would be an understatement.

Guardians of state secrets and nine-graders alike

Who does not need cyber hygiene? Everyone does. While one end of the range features government officials who handle state secrets, on the other, there are ninth grade teenagers who took the test at the beginning of May at the vocational education fair Young Master 2017.

“For nine-graders, this cyber hygiene test was slightly adjusted: we made some questions clearer for them,” says Triin Muulmann, an ICT teacher at Kehtna Vocational Education Center, who organized the test during the fair. “But it is not at all meant for teenagers with some special skills or background; anyone could take it,” she adds. “What kind of a password do you use? Do you use two-factor authentication? Do you use your friend’s computer or smart device to do schoolwork?” are some examples that Muulmann provides. Following the sort test, teenagers could have an overview of the level of their skills and knowledge as well as their potential weaknesses.

Participants of the Young Master 2017 vocational education fair taking the cyber hygiene test. Photo: Young Master FB

According to her, the evaluation of computer security and the relevant skills is important in a much broader context than one education fair. Among other things, it would be useful for providing vocational education centers with an overview of the skills and background of fresh IT students. “So far, there has been nothing like it [the CybExer test],” Muulmann notes.

Cooperation of two Estonian companies

CybExer is not a name widely known in Estonia, and even the cyber hygiene test became one of the products it offers just recently; all of that initially created distrust in some of those who might be interested in the product.

However, the distrust should dissipate once we look at the background of this solution. This is essentially a joint project of two Estonian IT companies. One of them is Bytelife, an IT infrastructure and service provide with almost ten million euros of annual turnover, which lists banks, finance enterprises, the state-owned Eesti Energia and many others among its clients. The other firm, BHC Laboratory, with the former Minister of Defense Lauri Almann as it most prominent executive, organizes cyber warfare exercises in various countries of the world. These two combined do make CybExer quite reputable.

This is how CybExer has become one of the leading exporters of cyber solutions in Estonia in a matter of years. According to the company’s speaker, their client portfolio comprises over 15 foreign governments and international organizations.

As institutions and enterprises find that the necessity of evaluating the cyber skills and potential risks of their employees keeps increasing, the demand for CybExer’s test has soared within a short period. Girdin gives a list of the company’s partners, which contains a bank and a software enterprise, universities and government agencies as well as critical service providers. Among others, the Ministry of Defense also uses the solution to test it employees.

The test features real-life situations

“Cyber hygiene is, in fact, not much different from daily personal hygiene,” Gridin says in Bytelife’s office on Toompuiestee Street in Tallinn while the place is buzzing with people and activity. “During a flu season, if anyone attempts to come to work when they are ill, we send them straight back to get well or work from home if they must. Cyber hygiene is essentially the same. We need to think how to use computers so that we do not pose a threat to ourselves and others.”

During the test, people are presented with a selection of situations and asked to choose the solution which they believe to be right, responding as sincerely as they can. Those real-life examples describe typical cases when people’s behavior can result in a cyber threat incident: hacking, an attack, data theft or something else.

Geenius editor’s office has tried taking the test to see what its results mean: read an overview here.

Tens of thousands of government officials to take the test

It is of critical importance for the Ministry of Defense, which is the first to start using the cyber hygiene test, that its officials do not take unnecessary risks in their use of technology.

“We have been implementing the cyber hygiene initiative for the second year in a row to measure our people’s awareness about behavior in the cyber space, and we check it at least once a year,” says Erki Kodar, the Undersecretary for Legal and Administrative Affairs at the Ministry of Defense. “It helps us determine the focus of cyber security training by highlighting problem areas. Our experience so far has been utterly positive, which is illustrated by the fact that the ministry employees are much more aware of cyber threats and more cautious in what they do,” he notes.

While the Ministry of Defense has been using the test for a while, it is now, in May 2017, that other Estonian government officials will start taking it. On 1 July Estonia’s of the European Union presidency will begin, and impeccable computer security is necessary for crisis prevention as well as to set an example for those who visit the country during this period. The national Information System Authority will be implementing CybExer’s cyber hygiene test to obtain a broad picture of the skills and attitudes of tens of thousands people in the public sector.