Urban model for cybersecurity ed: San Diego

An antivirus company and the city's Chamber of Commerce offer free cybersecurity workshops to consumers and small businesses, a program that's become a model for efforts elsewhere.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
4 min read
Darin Andersen, chief operating officer at Eset.
Darin Andersen, chief operating officer at Eset Eset

A Slovakian antivirus company with its American headquarters in San Diego is trying to make good cybersecurity just as much a part of the local fabric as good beaches and Chargers football.

Eset launched the Securing Our eCity program with the San Diego Chamber of Commerce two years ago to offer free workshops to consumers and small businesses on how to stay safe online. Today it has become a model for similar initiatives being launched in Malaysia, Buenos Aires, and London. And it helped with the creation of the Stop Think Connect campaign launched last week as part of National Cyber Security Awareness month.

"San Diego is the first community to implement the messaging in a complete awareness campaign," with billboards, public service announcements, and radio and print ads, Darin Andersen, chief operating officer at Eset, told CNET in an interview this week.

The Securing Our eCity program isn't just for consumers and businesses plagued by spam, phishing attacks, and identity fraud scams. It's also helping police, city officials, educators, and critical infrastructure operators keep basic services up and running.

In July, the head of a utility company in the San Diego area that was hit by the Stuxnet worm, which specifically targets critical infrastructure, confided in Andersen at a symposium held by the Securing Our eCity program. The utility needed help doing forensics to determine how bad the infection was and to figure out how to mitigate the impact. Using his Securing Our eCity connections, Andersen connected the utility with experts in the area and the rest is history, as they say.

"They were pleased that they had a resource in the community that could help them with that," Andersen said, declining to identify the utility involved. "This represents the power of people working at a local level to solve problems that have a big impact on many people."

Eset came up with the idea for the Securing Our eCity program when researchers there realized that even the best security software and hardware can't totally protect computer users from the growing number of social-engineering attacks that are designed to trick people into putting themselves at risk. These include the phishing e-mails that look like they come from a bank, as well as the Facebook money requests from accounts of friends who say they are stranded in a strange land, and the Twitter posts with links that lead to malware instead of videos of cheerleaders.

The program started out providing free workshops to consumers and small businesses on how to recognize and avoid the threats online. About 2,400 people have gone through 150 different training sessions, and many others have done online sessions, according to Andersen.

The program also helps cities and organizations get federal grants to be used for education and strengthening cybersecurity. For instance, the Department of Homeland Security recently awarded the City of San Diego $325,000 to be used on education and protecting the water and power plants, and other cyber infrastructure in the city, he said.

The Securing Our eCity program also holds workshops at electronics retailer Micro Center's stores around the country, as well as offers training to the San Diego Mayor's office and school district and the U.S. Navy, which has historically had a major presence in the area.

Anyone can benefit from the training, he said, recounting anecdotes of some of the individuals the program has helped. For instance, there was the grandmother of a high-level Microsoft employee who got a phone call from someone claiming to be a relative in need of money on a trip. She sent the money but won't be making that mistake again, thanks to the program and some help from some people at the Microsoft security team.

Then there were the two lawyers who were separately contacted via e-mail by someone outside the U.S. who claimed to want legal representation to prosecute a case in this country and said they needed help completing a foreign financial transaction. The lawyers agreed to accept money into their bank accounts and transfer it on, but then realized they had been scammed when the original transfer was reversed and they found themselves out thousands of dollars. "They didn't know the laws around foreign transfers," Andersen said.

These scams that prey on people's trust can't be prevented with software, a point Eset has made to Apple. Last year, an Eset survey found that proportionally more Mac users feel safe online than PC users. Regardless of how secure the operating system really is, that elevated sense of security puts Mac users at more risk than PC users, said Andersen. "Most bad guys target technical attacks against PCs, but behavioral attacks target both platforms," he said.

Because the concept of antivirus protection "doesn't resonate" with Mac users who don't think they need it, Apple talked to Eset about providing Securing Our eCity education programs in the Mac stores, Andersen said. "Somewhere along the way it was suggested putting links to cybersecurity training directly in the Eset Cybersecurity for Mac antivirus product," he said.

The software, which will be available for download and sold in Mac stores in about a month, will offer a way for users to do virtual workshops on how to stay safe online, according to Andersen.

"This is the first Mac antivirus product that includes education directly in the product," he said.