Kate-Riin Kont: Cyber hygiene has not properly taken hold in Estonia

We need to keep talking about cyber hygiene, as it still hasn't taken firm enough root in our daily lives. Cybercrime is a rapidly evolving and growing business and one that primarily targets people, writes Kate-Riin Kont.
Just a couple of decades ago, hygiene was primarily associated with medicine — it was a field that helped people maintain their health. Hygiene generally referred to things like regularly washing your hands and brushing your teeth. The most up-to-date and continuously evolving database of the Estonian language, Sõnaveeb, defines the term cyber hygiene as follows: it is the conscious effort by a state, institutions or individuals to protect their digital devices and electronic data.
Basic cyber hygiene still protects against 98 percent of attacks. Cybersecurity is not just an IT issue — it needs to be addressed at all levels of society and across different social groups.
How to get more cyber specialists?
The Information System Authority (RIA) supports the cybersecurity ecosystem by organizing training sessions for both young people and adults, as the demand for specialists continues to grow. The European Commission has acknowledged that criminals have significantly benefited from technological advances, while measures to combat cybercrime have failed to keep pace (European Commission, 2019).
This problem is further exacerbated by the shortage of cybersecurity specialists in both Europe and North America, coupled with the general lack of public awareness and poor cyber hygiene. For example, in 2023 alone, Europe faced a shortage of nearly one million cybersecurity professionals (approximately 883,000).
By 2025, the global number of unfilled cybersecurity jobs is expected to reach 13.5 million. In Estonia, as of 2023, up to 870 additional cybersecurity specialists were needed — an 86 percent increase in the current workforce. In addition to the demand for cybersecurity experts, it's also essential to improve citizens' cybersecurity skills. To achieve this, key cybersecurity topics should be incorporated into the national curriculum at the elementary, secondary and higher education levels.
There are plans to increase the proportion of women and girls in the cybersecurity workforce (currently, women make up 20 percent of the field). RIA has organized two international cybersecurity youth camps specifically for girls in the third stage of basic school. It also collaborates with universities and vocational education institutions to integrate cybersecurity modules into non-IT disciplines such as law, political science, education, journalism and others.
In 2014, a project officially began that can be described as "cyber conscription." Thanks to this initiative, the Estonian Defense Forces have developed a reserve unit composed of cyber engineers — now larger than an infantry platoon — capable of solving complex IT problems, designing and developing hardware and software and defending systems against cyberattacks, even on the battlefield if necessary.
Cyber service is at war every day, with constant defensive and offensive operations underway. The Defense Forces' Information and Communication Technology (ICT) Center functions as a battalion that trains for digital warfare. The goal of the Cyber and Information Operations Center (KIOKE) is to protect the Defense Forces' ICT systems and the data processed within them from cyber threats and attacks, as well as to plan and conduct cyber and information operations.
The Strategic Communications Center of the Defense Forces trains "media soldiers," who are actively involved in media operations. These conscripts gain practical skills they can use even after entering the reserves.
A new initiative aims to combine vocational education with military service. For example, ICT students now enter conscription service in place of their third-year internships. After completing the basic training course, they move into specialized service. The goal is to align a soldier's civilian background with military service by combining civilian and military vocational training.
How to boost cyber hygiene of children and teenagers?
The goal of Estonia's Lifelong Learning Strategy 2014-2020 was to ensure that competencies related to digital skills would include cyber literacy and that, in addition to digital technology, basic knowledge of cybersecurity would be integrated into curricula. While a cybersecurity curriculum does exist for Estonia's basic and upper secondary schools, it is offered as an elective and cybersecurity is actively taught in only a small number of schools.
Cyberbullying is bullying carried out using digital technology, but much of what applies to traditional bullying also applies to cyberbullying.
Young people often don't grasp the seriousness or consequences of cyberbullying and tend to treat it as a joke. Empathy on social media has all but disappeared. Many young people avoid intervening in bullying because they fear becoming targets themselves.
Cyberbullying can be divided into two categories:
- Direct cyberbullying (the target is aware): This includes sending offensive, harmful or threatening messages, images or videos to the victim or flooding their social media account with inappropriate content. Excluding someone from a group chat (i.e., ignoring them) is also considered cyberbullying.
- Indirect cyberbullying (the target may initially be unaware): This includes sending false or embarrassing information about someone to others or using fake accounts to send inappropriate messages. Filling the victim's social media account with inappropriate content also falls into this category.
According to the EU Kids Online study (2020), 27 percent of Estonian youth aged 9-16 have experienced cyberbullying, while 15 percent admitted to bullying others. How can we prevent bullying? By fostering cooperation skills in young people, ensuring that children are online with adult supervision at least during some activities and teaching cyber hygiene — what is and isn't appropriate to share about oneself online. Faster and more active responses from online platforms to incidents of cyberbullying would also help.
In Estonia, web police officers play an advisory role by conducting trainings and preventive activities in kindergartens and schools. The first level of prevention involves educating schoolchildren about social media. The selective level targets groups at higher risk of undesirable behavior. The third level, indicated prevention, focuses on individuals already identified as high-risk or who have already acted out.
Preventive efforts rely on cooperation. Web police also attend parent meetings to inform them about young people's social media activity, since most parents are not sufficiently aware of the dangers circulating online. According to various studies, in 2022 there were 375,230 reports of children sharing pornographic content. Girls are particularly vulnerable.
A Snapchat survey of 6,000 minors found that in 65 percent of cases, images were obtained through manipulation on social media, while 31 percent of minors had shared such images themselves when asked. This type of manipulation, known as sextortion, typically involves the use of fake identities. Among adults, sextortion is often aimed at extorting money. Content involving verbal bullying and mockery is especially difficult to remove from these platforms.
In summary
Efforts should be made to raise security awareness, shape the right attitudes and promote better cyber hygiene from an early age. Doing so could reduce incidents caused by human error and inspire young people to pursue careers as cybersecurity professionals.
Improving the cyber competence of different target groups remains a relevant issue and working with young people is especially valuable. Estonia already has a number of initiatives aimed at better understanding the behavioral factors that influence cybercrime and at educating children and teenagers about the benefits, risks and dangers of the digital world.
Collaboration is key — not only among companies working in cybersecurity, but also between institutions responsible for internal security, as well as sociologists, psychologists, lawyers, anthropologists, computer scientists and engineers. Such cooperation is essential for gaining a deeper understanding of the nature of cybercrime.
--
Editor: Marcus Turovski