Melissa Valeria Echeverria Joniaux; Melissa Andrea Garaycoa Walker; Aleksandar Tusev

Número 10 / ABRIL, 2020 (73-86)

mecheverriaj@uees.edu.ec

Universidad de Especialidades Espíritu

Santo.

Guayaquil, Ecuador

ORCID:

https://orcid.org/0000-0002-5453-8530

mgaraycoa@uees.edu.ec

Universidad de Especialidades Espíritu

Santo.

Guayaquil, Ecuador

ORCID:

https://orcid.org/0000-0002-9383-7162

atusev@uees.edu.ec

Universidad de Especialidades

Espíritu Santo, Escuela de Estudios

Internacionales.

Guayaquil, Ecuador

ORCID:

https://orcid.org/0000-0003-3794-9669

Recibido:

22/10/2019

Aceptado:

18/02/2020

Melissa Valeria Echeverría

Joniaux

Melissa Andrea Garaycoa

Walker

Aleksandar Tusev

ARE ECUADORIAN MILLENNIALS

PREPARED AGAINST A

CYBERATTACK?

¿ESTÁN PREPARADOS LOS

MILLENNIALS ECUATORIANOS CONTRA

UN ATAQUE INFORMÁTICO?

DOI:

https://doi.org/10.37135/chk.002.10.05

ARE ECUADORIAN MILLENNIALS PREPARED AGAINST A CYBERATTACK?

Número 10 / ABRIL, 2020 (73-86)

A cyberattack is an attempt to get unauthorized access, expose, alter,

disable, steal or make unauthorized use of information. Over the years,

cyberattacks are becoming more frequent, considering that Ecuadorian

authorities claimed they had received over 40 million cyberattacks such

as denial-of-service (DOS) during a week, in April 2019. The objective of

this research work is to assess to what extent Ecuadorians are prepared for

a cyberattack focused on Millennials, who attend private universities and

maintain a high socioeconomic status, due to they are more likely to be

targeted by hackers. This study shows the level of importance that Millennial

university students give to their private information. A quantitative study

was applied to measure the objective mentioned before and was aimed at

103 university students in Samborondón, Ecuador. The obtained results

showed that although the sample population takes some security measures

to protect their information, there exist vulnerable aspects that can be used

by hackers to obtain unauthorized access.

Keywords: Cyberattack, cyber security, information security, millennials.

Un ataque cibernético es un intento de obtener acceso no autorizado,

exponer, alterar, deshabilitar, robar o hacer un uso no autorizado de

información. En los últimos años, los ataques cibernéticos han sido más

frecuentes, considerando que las autoridades ecuatorianas armaron que

habían recibido más de 40 millones de ciberataques, como DOS, en el lapso

de una semana, en abril de 2019. El objetivo de este trabajo de investigación

es tener un estudio objetivo sobre hasta qué punto los ecuatorianos están

preparados para un ciberataque con un enfoque en los millennials que

asisten a universidades privadas y tienen un alto nivel socioeconómico

debido a que son más propensos a ser atacados por hackers. Este estudio

muestra el nivel de importancia que los estudiantes universitarios

Millennials otorgan a la seguridad de su información privada. Se aplicó

un estudio cuantitativo para medir el objetivo mencionado, aplicada a 103

estudiantes universitarios en Samborondón, Ecuador. El resultado obtenido

evidenció que, si bien la población estudiada, toma algunas medidas de

seguridad para proteger sus datos, todavía hay grietas, que pueden ser

utilizadas por los piratas informáticos para obtener acceso no autorizado.

Palabras clave: Ataque informático, seguridad informática, seguridad de

la información, millennials.

Abstract

Resumen

Número 10 / ABRIL, 2020 (73-86)

ARE ECUADORIAN

MILLENNIALS

PREPARED AGAINST A

CYBERATTACK?

¿ESTÁN PREPARADOS

LOS MILLENNIALS

ECUATORIANOS

CONTRA UN ATAQUE

INFORMÁTICO?

Melissa Valeria Echeverria Joniaux; Melissa Andrea Garaycoa Walker; Aleksandar Tusev

Número 10 / ABRIL, 2020 (73-86)

INTRODUCTION

How secure do you believe your information is?

What would you consider a cyberattack? Cybera-

ttacks rst began with the rise of computers in the

1960s, giving rise to the need for cyber security.

Today, around 45 million cyber-attacks can occur

on a daily basis (Threatcloud 2019). According to

the International Organization for Standardization

(ISO) and the International Electrotechnical Com-

mission (IEC) (2018), a cyberattack is an attempt

to gain unauthorized access, expose, alter, disable,

steal or make unauthorized use of as asset (ISO/

IEC 2018:1). The way to protect your informa-

tion is with information security or cyber security.

Information security includes the preservation of

integrity, and availability and condentiality of in-

formation (ISO/IEC 2018:4).

Information security is becoming an essential need

for all consumers. Society is constantly advancing,

and in order to prevent hackers gaining access to

nancial and personal data, the implementation of

cybersecurity is imperative. Not only will it provi-

de citizens with added safety measures, it will also

increase their level of security towards using te-

chnology in their everyday lives. For this reason,

societies need to address clear boundaries on data

sharing, transparency and consent of data privacy,

and ethical data usage (Chamorro-Premuzic, Akh-

tar, Winsborough & Sherman 2017:15).

Considering how widespread the use of techno-

logy and the internet has become people need to

have the right tools to protect their personal infor-

mation (Antoun 2015:100). As mentioned (Ablon

2018:15), if internet users do not protect their

personal data, they could face considerable risks.

Therefore, it is important to research how prepa-

red people are against such attacks, helping reveal

the extent of the problem.

The case of Ecuador reveals a particular need for

such research. Ecuador is a country where the

youth are becoming more involved in technology,

and there is little research on their security beha-

viors. Millennials are known to rely heavily on te-

chnology to store their information (Deal, Altman

& Rogelberg 2010:192). In Ecuador, as of 2017,

Millennials represented 23.2% of the total popu-

lation (Instituto Nacional de Estadistica y Censos

[INEC] 2017). 65% of Millennials own a smar-

tphone (INEC 2017). Also, 68.7% of Ecuadorian

Millennials use the internet, and at least 63.8% of

them have a social media account.

Due to the fact that most Millennials have an inter-

net presence, it is essential for them to be prepared

to protect their information. Late Millennials, or

Generation Z are dened as people born between

1996 and 2001 or as late as the mid-2000s (Wi-

lliams, 2015:2), and older Millennials are dened

as people born between 1980 and 1995 (Ng & Jo-

hnson 2015:122).

This topic has become even more important after

Ecuador released Julian Assange from the Ecuado-

rian embassy in London. As of April 15, of 2019,

Ecuadorian authorities claimed they received over

40 million cyber-attacks (Rivadeneira 2019:1). As

reported by El Universo, these attacks came from

different parts of the world, and they targeted ins-

titutions like the Presidency, the Central Bank and

other ministries.

As for developments in Ecuador, starting in 2017,

banks started introducing new technology aimed

mainly at younger people, who would benet from

the introduction of mobile applications which

allowed them control of nancial services (Re-

dacción Economía 2017). Considering this new

merging of nancial services and mobile apps, it

is important to investigate how prepared they are

against unauthorized access to their personal data.

Cyberattacks are a threat for all people and institu-

tions around the world. It is imperative to research

how they can affect people and to nd out whether

people are taking the correct measures to protect

their data (Ablon 2018:15).

The aim of this paper is to explore cybersecuri-

ty and cyber threats with relation to private uni-

versity students in Guayaquil, Ecuador. The main

focus of the study is to investigate how prepared

students are against cyberattacks.

The method for the investigation was a thirteen

question online survey. The population of the sur-

ARE ECUADORIAN MILLENNIALS PREPARED AGAINST A CYBERATTACK?

Número 10 / ABRIL, 2020 (73-86)

vey was university students from the higher so-

cioeconomic level. The main sample population

was taken from the prominent coastal universi-

ty Universidad de Especialidades Espíritu Santo

(UEES). The survey responses provide key infor-

mation about how Millennials in Ecuador handle

their personal data. Also, the results indicate the

level of cyberattacks this population has experien-

ced.

TECHNOLOGY

The world is increasingly becoming connected

via the internet. The internet of things has come

to symbolize this new reality; according to the In-

ternational Telecommunication Union (2012), this

refers to the infrastructure connecting, either vir-

tually or physically, all things that exist and evol-

ve, where communication technologies and infor-

mation is interloped.

Computers originate from the abacus in 1,100

BCE (Freiberger, Swaine et al., 2020). However,

there were many advances that occurred in order

to reach what is considered the modern-day com-

puter. That feat can be attributed to Konrad Zuse

who completed the rst programmable compu-

ter that became fully functional in 1941 (Ceruzzi

1981:249). Theft performed through a computer

had been a concern since the 1960s as people were

attempting to take information stored inside com-

puters (Warner 2012:784).

CYBERATTACKS

As Warner (2012:781) stated, even people who

do not own computers are at risk of suffering a

cyberattack or cyber theft. Companies and gover-

nments seem to be constantly under attack by hac-

kers that seek to maliciously access private infor-

mation. Also, there are entities that scam people`s

information, while consumers believe they are

protected (Rajab, Ballard, Mavrommatis, Provos

& Zhao 2010:1).

Advisors and agency ofcials have been seeking

to discern such attacks, with the latest technology

available. This creates an increasing security cha-

llenge; as the numbers of hackers continue to in-

crease so do the number of potential victims. With

the increasing surge of computer viruses, more

sophisticated antivirus technology emerged (Bus-

sa 2000:1-2; Rad, Masrom & Ibrahim 2010:115-

119). A virus is a program whose main objective

is to replicate itself unto as many computers as

it can (Hubbard & Forcht 1998:12; Nachenberg

1997:46-47).

Cyberattacks can lead to data breaches, which can

be catastrophic. One of the biggest data breach ca-

ses was discovered in 2019, after a security resear-

cher found a le online titled Collection 1, which

contained 87 gigabytes of data and 773 million

email addresses and passwords (Hunt 2019).

After the breach was made public, it was found

that more collections (Collection 2 through Co-

llection 5) which contained around 845 gigabytes

of data were being sold on the dark web (Green-

berg 2019). The dark web is dened as a part of

the world wide web, that is only accessible throu-

gh specic networks and where connections are

highly encrypted, so illegal activities can be ca-

rried out (Nastiti & Wimmer 2015:3).

CYBERATTACKS IN ECUADOR

Ecuador is not out of reach when it comes to cy-

berattacks. In 2015, a cyberattack against Banco

del Austro (BDA) cost the bank 12 million do-

llars (Insurance Journal 2016). The attack targeted

BDA´s servers and ordered Wells Fargo to make

money transfers to a bank account in Hong Kong

(Bergin & Layne 2016).

According to Bergin and Layne, Wells Fargo pro-

ceeded with making at least 12 transactions over

the course of ten days. The authors add that the

attack was made through what were previous-

ly thought to be secure servers (The Society for

Worldwide Interbank Financial Telecommunica-

tion [SWIFT] Network), which are used by many

banks around the world to transfer billions of do-

llars.

The country also became vulnerable to cyberattac-

ks due to the revocation of asylum to the foun-

Melissa Valeria Echeverria Joniaux; Melissa Andrea Garaycoa Walker; Aleksandar Tusev

Número 10 / ABRIL, 2020 (73-86)

der of Wikileaks, Julian Assange, in early April of

2019 (McKay 2019). According to the minister for

information and communication technologies, af-

ter Assange was arrested 40 million cyberattacks

occurred against Ecuadorian institutions’ websites

(Fingas 2019). The 40 million attacks refer to the

number of requests made to ood website servers

and limit access to the internet (McKay 2019).

McKay adds that none of the attempts were suc-

cessful in stealing or destroying data.

METHODOLOGY

The following research paper centers on cyber se-

curity and Ecuadorian Millennials. The objective

of this research paper is to assess to what extent

Ecuadorians are prepared for a cyberattack with

a focus on Millennials, who attend university and

have a high socioeconomic status, making them

more likely to be targeted by hackers.

Ecuadorian university students from the higher so-

cioeconomic level are likely to represent the best

prepared segment of Millennials in Ecuador when

it comes to cyber-security habits and awareness,

compared to less educated and lower socioecono-

mic Millennials.

Additionally, this segment of the population are at

a higher risk for nancial cyberattacks as they have

greater nancial wealth, and likely spend more on

online purchases. Also, they are likely to be less

reserved when it comes to sharing personal and

nancial information online (Alton 2017). UEES

students were chosen to represent the population,

as this university is one of the most expensive in

the country, with a reputation for educating some

of the wealthier segments of the population.

A quantitative survey instrument was chosen to

test the awareness, preparedness and value Mi-

llennials have with relation to cybersecurity and

cyberattacks. A quantitative study allowed for the

gathering of basic information from a larger sam-

ple. The instrument was based on a survey publi-

shed by the Pew Research Center (2017:30-42).

The instrument had the purpose of nding out the

trust Americans place in cybersecurity and what

experiences they have had. The instrument was

adjusted for the Ecuadorian population. After

conducting a pilot study on the original survey, a

number of questions were eliminated, leaving thir-

teen questions in the nal instrument.

In total, there were 103 students that completed

the survey. UEES has approximately 5,000 stu-

dents. By surveying 103 students, the condence

level of 85% was obtained with a margin of error

of 7%. The majority of the students surveyed were

between the ages of 18 and 21, accounting for 54%

of the total respondents. The second largest group

surveyed were aged between 22 and 25, with 35%

of respondents.

The survey was distributed via the QuestionPro

platform. First, it was sent to students via social

media. Then, researchers visited classrooms, whe-

re, with the permission of the teachers, students

were invited to complete the survey online on their

devices. The survey was conducted from March

27, 2019 until April 15, 2019.

Some limitations of the instrument were tested be-

fore administering it. A pilot study was conducted

to test that the questions selected were appropriate

for the population and if they had to be altered or

removed for reliability and relevance. Originally

there were twenty-one questions in the survey (see

appendix 1).

After conducting the pilot test, eight of the ques-

tions were either unnecessary or had to be merged

with another question in order to be more cohe-

sive. The rst survey question was regarding the

use of the internet, and whether the student used it,

at least occasionally. Due to all the answers being

yes in the pilot test, we decided it was redundant,

and deleted it.

Following that question, there was one about how

frequently students used the internet, and another

question asking if they owned a smartphone. Sin-

ce most pilot responses were the same, and the

questions did not provide essential information for

this study, we removed those questions too. Addi-

tionally, we removed questions regarding people’s

use of social media and questions about how they

ARE ECUADORIAN MILLENNIALS PREPARED AGAINST A CYBERATTACK?

Número 10 / ABRIL, 2020 (73-86)

handle their passwords across different sites. The

purpose of removing these questions was to ensu-

re that the survey was clear and understandable,

and that people would feel comfortable and ll it

out correctly.

The results of the quantitative test performed were

provided by using graphs and tables in order to

present the information gathered from the surveys.

These were subsequently analyzed in order to ad-

dress how prepared Ecuadorian Millennials were

for a cyberattack.

RESULTS AND DISCUSSION

The objective of conducting this survey was to

provide results that will demonstrate the extent

that Ecuadorian Millennials protect themselves

against cyberattacks, with a focus on private uni-

versity students with a high socioeconomic status.

Ten yes no questions were asked. Those results are

summarized in table 1, and described below.

Question 1 shows the number of people from our

sample who currently own a smartphone. Out

of the 103 students surveyed, 100 stated yes, or

97.09% of students; 2.91% did not own one.

Question 2 asked if students have ever installed

an application to protect their smartphones against

viruses that attack phones. Of the 103 responses,

71 said that they had not installed any antivirus

application on their phones, or 69%, and 32 of the

students answered that they had, or 31% of the

surveyed students.

Question 3 asked if they had ever experienced

fraudulent charges made to their credit cards. Of

Table 1. Results for yes no questions

Question

number

Question Yes

1 Is your cell phone a smartphone such as an iPhone, Android, Blackberry

or Windows phone?

97 3

2 Have you ever installed an application to protect your smartphone against

viruses?

31 69

3 Have you ever experienced any of the following data thefts? Fraudulent

charges to credit cards?

24 76

4 Have you ever experienced any of the following data thefts? Have recei-

ved notice about your personal information being compromised?

51 49

5 Have you ever experienced any of the following data thefts? Someone has

had unauthorized access to your email?

33 67

6 Have you ever experienced any of the following data thefts? Someone has

had unauthorized access to any of your social media accounts?

12 88

7 Do you have any of the following worries about your passwords? You

have difculty managing all of your passwords?

38 62

8 Do you have any of the following worries about your passwords? Do you

worry about the security of your passwords?

69 31

9 Do you have any of the following worries about your passwords? You use

less secure passwords because more complicated passwords are harder to

remember?

31 69

10 Do you use public Wi-Fi networks in public places such as airports, cafes,

hotels or libraries?

89 11

Source: Based on the data obtained in the applied survey

Melissa Valeria Echeverria Joniaux; Melissa Andrea Garaycoa Walker; Aleksandar Tusev

Número 10 / ABRIL, 2020 (73-86)

the 103 people surveyed, 76% said no, while 24%

said yes.

Question 4 asked if they had ever received a no-

tice stating their personal information had been

compromised. Of the 103 people who lled out

the survey, 51% said they had, and 49% said they

had not.

In question 5, students were asked if they had ever

had someone access their email account without

their permission. Out of the 103 respondents, 67%

said no, and 33% of people said they had expe-

rienced it.

In question 6, students were asked if they had ne-

ver had someone access any of their social media

accounts without their permission. Out of the 103

respondents, 88% said no, and 12% of the sam-

ple stated they had had someone breach their ac-

counts.

In question 7, students were asked if they had di-

fculty managing all of their passwords. Out of

all the people surveyed, 62% said yes, and 38%

said no.

Question 8 asked if students had concerns about

the security of their passwords. Of the 103 people

who lled out the survey, 69% said yes, and 31%

said they did not.

In question 9, students were asked if they did not

use less secure passwords because using more

complicated passwords are harder to remember.

Out of all the people surveyed, 69% responded no,

and 31% said they did use less secure passwords

because it was harder to remember more compli-

cated passwords.

Finally, question 10, asked if students used public

Wi-Fi networks in public places like airports, ca-

fes, hotels and libraries. 89% said yes, and 11%

said they did not make use of these networks.

Seven further questions were asked, where there

were at least three options for students to select

as a response. The results are described in gures

1 to 7.

Figure 1 is a multiple selection question where

students were tasked with selecting what type of

security measures they have in place to lock their

phone. 34.97% responded that they use a perso-

nal identication number (PIN) password to ac-

cess their phones; the second most used phone

lock was the ngerprint scanner with 33.75% of

students. The next three responses all have similar

results: the use of a pattern received 11.19% of

responses; 10.49% of students do not lock their

phones; and 9.79% of students stated they used

face identication.

Figure 2 looked at how frequently students update

their device’s operating system (OS) and down-

load applications. The majority of the respondents

answered that they updated their devices automa-

tically or as soon as possible, with a 55% of stu-

dents; 40% of students answered that they updated

their OS or applications when it was convenient

for them; nally, 5% of students answered that

they never updated their OS or applications.

Figure 3 describes whether students have online

accounts. For online accounts that involve pay-

ments or transactions, 66% stated that they used

them, and 32% of the students stated no. 2% of

respondents said that the question did not apply

to them. With online utility accounts, 69% of stu-

dents stated they did not have one, while 15.5%

said yes and 15.5% said that such online account

did not apply to them.

For online accounts related to healthcare provi-

ders, 67% of students said they did not have one,

19.4% of students said yes, and 13.6% said it did

not apply to them; nally, for online accounts with

bank or nancial service providers, 77.67% of

students said that they had such online accounts,

19.42% said they did not have one and 2.91% said

this question did not apply to them.

Figure 4 looked at if students abstained from crea-

ting an online service account due to the dubious

nature of how their information will be handled.

Out of the 103 surveyed, 56% stated that they had

abstained from creating such accounts, 23% clai-

med that they have not stopped themselves from

creating online service accounts, and 21% claimed

that they do not know if they have done so.

In gure 5, students were asked to rate a number

of institutions for how condent they were that

ARE ECUADORIAN MILLENNIALS PREPARED AGAINST A CYBERATTACK?

Número 10 / ABRIL, 2020 (73-86)

their personal data would be safe from hackers or

unauthorized users. Students had the highest con-

dence in phone manufacturers, scoring an avera-

ge 3.22 out of 3.5, credit card companies, scoring

3.06 out of 3.5, and email service providers, sco-

ring 2.91 out of 3.5. The lower condence results

were for government, with 1.79 out of 3.5, and

companies or retailers they did business with, with

2.15 out of 3.5.

Figure 6 looked at how students felt their personal

information had changed over the last ve years.

44% of students said they felt that their personal

information was as secure as it was ve years ago.

37% felt it was less secure, and 19% said they felt

as if it was more secure.

Figure 7 asked which types of sites students vi-

sited while using a public Wi-Fi network. 52%

of students stated they visited social media sites;

29% opened their emails, 10% shopped online;

and 9% accessed their online bank accounts.

Source: Based on the data obtained in the

questionnaire

Figure 1: What type of security measures do

you have in place to lock your phone?

Source: Based on the data obtained in the

questionnaire

Figure 2: How frequently do you update your

device’s operating system and applications?

Source: Based on the data obtained in the

questionnaire

Figure 3: Do you have any internet accounts

of this nature?

Source: Based on the data obtained in the

questionnaire

Figure 4: Have you ever decided not to use or

not to create an account with an online service

provider due to concerns for how your perso-

nal information would be handled?

Melissa Valeria Echeverria Joniaux; Melissa Andrea Garaycoa Walker; Aleksandar Tusev

Número 10 / ABRIL, 2020 (73-86)

DEVICE SECURITY

The results show that most students have not had

their bank accounts targeted. Also, the great ma-

jority of the sample has not had a situation where

their credit card information was stolen. Further-

more, most students stated that they had not had

their emails or social media account compromised

or hacked. However, students did have issues with

notications that their information had been com-

promised, at some point in their lives.

Overall, it can be said that the respondents have

been victims of some type of hack, by phishing

or other types of information theft, which allowed

hackers to access their personal information and

Source: Based on the data obtained in the

questionnaire

Figure 5: Regarding the following institutions,

how condent are you that your personal data

will be safe from hackers or unauthorized

users?

Source: Based on the data obtained in the

questionnaire

Figure 6: How do you feel your personal

information has changed over the last ve

years?

Source: Based on the data obtained in the

applied survey

Figure 7: Which websites do you visit while

connected to a public Wi-Fi network?

send messages to them. Even though the majority

of students stated that they had not suffered from

a cyber-attack, there were still many students who

had been affected by such attacks.

Millennials tend to have more trust in cell pho-

ne manufacturers; companies such as Apple ad-

vertise that they refuse to give out information of

customers, even if a government agency seeks it

(Nakashima 2016:1). Also, students have a higher

level of trust in in credit card companies, cell pho-

ne service providers and email providers.

On the other hand, students do not have a high le-

vel of trust in companies or retailers they conduct

business with, possibly due to the fact that they do

not know who oversees the regulations of these

companies, including social media sites. The least

trusted institution was government agencies. This

lack of trust in government agencies can lead to

an overbearing obstacle for such agencies to im-

plement and enforce cyber security measures and

regulations. Students are more inclined to perform

such security through private actors. It is clear that

the age of users and their personal experiences

with the internet have an impact on their percep-

tions towards trust in different institutions (Al-

zahrani, Al-Karaghouli & Weerakkody 2018:143).

ARE ECUADORIAN MILLENNIALS PREPARED AGAINST A CYBERATTACK?

Número 10 / ABRIL, 2020 (73-86)

SAFETY MEASURES

The majority of Millennials have a smartphone.

They mostly keep their information safe by kee-

ping their smartphones under lock by using me-

asures such as PIN passwords. Out of all the op-

tions to choose from, using a PIN or a password

is not the most secure choice, when compared to

biometric locks, such as ngerprint scanners or fa-

cial recognition (Cherapau, Muslukhov, Asanka &

Beznosov 2015). PINs are combinations of four

numbers, which can be more convenient, but less

secure (Cherapau et al. 2015).

Although the sample population is known for be-

ing more reliant on technology, most students do

not own an application on their phones in order

to protect them against an attack or virus. This

could have a negative effect on the security of

personal data. Antivirus applications serve to pro-

tect computers or mobile devices from threats like

malware, which could include spyware (Williams

2014:1).

However, the results show that the majority of stu-

dents surveyed did download updates when avai-

lable or automatically. This is a sign that they are

aware of cybersecurity threats because “running

out-of-date software can provide an open door for

hackers to take advantage of holes left in programs

that haven’t had critical security updates applied”

(Palmer 2019:5).

Most Millennials have online accounts with ban-

king institutions and have accounts that involve

online bill payments or transactions. As stated by

Choo (2011:722), in recent years, banking institu-

tions have offered the service of mobile banking

or payment services. With that, there is a new ga-

teway to cyberattacks, with malware created to

purposely target phones to give information to

hackers about banking login credentials and other

personal information.

INFORMATION SAFETY

Most Millennials believe that the safety of their

information, in the last ve years, has either re-

mained the same or gotten worse. This may be

amplied as cyberattacks continue to increase in

frequency and severity, such as the Sony Pictures

attack in 2014, the Anthem healthcare attack in

2015 or the Panama papers incident that occurred

in 2016 (Middleton 2017).

In addition, the majority of Millennials use public

Wi-Fi networks in order to access the internet.

This can put their data at risk. Information can be

taken; for example, in 2016 a test was conducted

where a hack was attempted on mobile and ta-

blet devices through a public Wi-Fi hotspot. The

purpose was to test whether data can be gathered

from devices connected through the public Wi-Fi

network by recording the keystrokes performed

on devices. The results were worrying: they reco-

vered keystrokes with a high success rate, without

victims noticing.

When entering a public Wi-Fi source, students en-

ter sites such as social media and their email, yet

they generally refrain from accessing their bank

accounts or online shopping. This may be a sign

that they are aware of the risks of public Wi-Fi

networks and cyber-attacks.

MANAGEMENT OF PASSWORDS

AND ACCOUNTS

Most Millennials do not have difculty handling

their passwords, and they do not use less secure

passwords. This shows that they are worried about

security. Their concerns are valid; attacks such as

clickjacking are becoming more common. Click-

jacking is a term that describes a technique where

embedded links hijack users to make moves that

they did not intend to take. Embedded browsing

has become more popular these days, making it

common for a normal viewer to click on sites that

were not the ones they were intended for. By using

these types of frameworks, a malicious website

can open on an unsuspecting person’s computer

(Selim, Tayeb, Kim, Zhan & Pirouz 2016:2-3).

Overall, Millennials have both positive and nega-

tive habits when it comes to cybersecurity. Most of

them do not use antivirus software on their phones

and they access sites using public Wi-Fi, making

their information vulnerable. However, they do

Melissa Valeria Echeverria Joniaux; Melissa Andrea Garaycoa Walker; Aleksandar Tusev

Número 10 / ABRIL, 2020 (73-86)

take some measures to protect their information.

They use secure passwords and lock their devices,

and they avoid open Wi-Fi networks when making

nancial transactions.

RECOMMENDATIONS

There are some basic things that Millennials can

do to increase the safety of their online data and

reduce their risk of cyberattacks. Students should

consider using password managers in order to

encrypt their devices. Furthermore, they should

download reputable anti-virus software to their

devices, and if possible use a Virtual Private Ne-

twork (VPN) to encrypt their data when accessing

the web through public Wi-Fi networks.

CONCLUSIONS

This study set out to explore cyber security with

relation to university students from Ecuador. The

aim was to gauge students’ awareness to such

threats, the value they place on cybersecurity and

their general level of preparedness against such

hacks.

The results found that they were aware of the po-

tential threats that they face, yet do not seem to

take the required measures against such threats,

suggesting that they do not have a high enough va-

lue for such measures. Also, while the majority of

Millennials had not been victims of cyberattacks,

their information is not completely secure against

potential unauthorized access, suggesting they are

not as prepared as they could be. The measures

they take to protect their data are not the best avai-

lable, seeing as most still use a PIN or password

and do not download antivirus applications to en-

sure no one will gain access to their devices.

To sum up, anyone can be a victim of cyberat-

tacks. Millennials in Ecuador, at least those in

our sample, whilst being aware of the dangers

of cyberhacking, do not take them as seriously

as they should. They take some measures to pro-

tect themselves, but not enough. Students should

use password managers to encrypt their devices,

download reputable anti-virus software, and use a

VPN to encrypt their data when accessing public

Wi-Fi networks. Seeing as the sample in this study

was limited, further research is encouraged to test

the results. Furthermore, expanding the popula-

tions to older generations as well as non-univer-

sity students would be valuable for comparative

studies.

BIBLIOGRAPHIC REFERENCES

Ablon, L. (2018). Data thieves: the motivations

of cyber threat actors and their Use and

monetization of stolen data. Rand Corpo-

ration, 1-16. doi:10.7249/ct490

Alton, L. (2017, December 1). How Millennials

Think Differently About Online Securi-

ty. Forbes. Retrieved from https://www.

forbes.com/sites/larryalton/2017/12/01/

how-millennials-think-different-

ly-about-online-security/#51fba8da705f

Alzahrani, L., Al-Karaghouli, W. & Weerakkody,

V. (2018). Investigating the impact of citi-

zens’ trust toward the successful adoption

of e-government: A multigroup analysis

of gender, age, and internet experience.

Information Systems Management, 35(2),

124-146. doi:10.1080/10580530.2018.144

0730

Antoun, C. (2015). Who are the internet users,

mobile internet users, and mobile-mostly

internet users?: demographic differences

across internet-use subgroups in the U.S.

Mobile Research Methods: Opportunities

and challenges of mobile research metho-

dologies, 99-117. doi:10.5334/bar.g

Bergin, T. & Layne, N. (2016, May 20). Special

Report: Cyber thieves exploit banks’ fai-

th in SWIFT transfer network. Reuters.

Retrieved from https://www.reuters.

com/article/us-cyber-heist-swift-special-

report/special-report-cyber-thieves-ex-

ploit-banks-faith-in-swift-transfer-ne-

ARE ECUADORIAN MILLENNIALS PREPARED AGAINST A CYBERATTACK?

Número 10 / ABRIL, 2020 (73-86)

twork-idUSKCN0YB0DD

Bussa, T. (2000). The Future of Fighting Viruses:

A History and Analysis of the Digital Im-

mune System. Bethesda: SANS Institute.

Retrieved from http://ivanlef0u.fr/repo/

madchat/vxdevl/papers/avers/toby_bus-

sa_gsec.pdf

Ceruzzi, P. E. (1981). The Early Computers of

Konrad Zuse, 1935 to 1945. IEEE Annals

of the History of Computing, 3(3), 241-

262. doi:10.1109/mahc.1981.10034

Chamorro-Premuzic, T., Akhtar, R., Winsborou-

gh, D., & Sherman, R. A. (2017). The

datacation of talent: how technology is

advancing the science of human potential

at work. Current Opinion in Behavioral

Sciences, 18, 13-16. doi:10.1016/j.cobe-

ha.2017.04.007

Cherapau, I., Muslukhov, I., Asanka, N. & Bez-

nosov, K. (2015). On the Impact of Touch

ID on iPhone Passcodes. Symposium on

Usable Privacy and Security (SOUPS),

1-20. Retrieved from https://pdfs.seman-

ticscholar.org/e021/f57012562610e8a-

997963995d00f5cde9b7d.pdf

Choo, K. R. (2011). The cyber threat landscape:

Challenges and future research directions.

Computers & Security, 30(8), 719-731.

doi:10.1016/j.cose.2011.08.004

Deal, J. J., Altman, D. G. & Rogelberg, S. G. (2010).

Millennials at Work: What We Know and

What We Need to Do (If Anything). Jour-

nal of Business and Psychology, 25(1),

191-199. doi:10.1007/s10869-010-9177-2

Fingas, J. (2019). Ecuador says it faced 40 million

cyberattacks after giving up Assange. En-

gadget. Retrieved from https://www.en-

gadget.com/2019/04/16/ecuador-cyberat-

tacks-after-assange-arrest/

Freiberger, P. A., Swaine, M. R. et al. (2020).

Computer - History of computing. Ency-

clopaedia Britannica [electronic version].

New York, EU: Encyclopaedia Britanni-

ca Inc. Retrieved from https://www.bri-

tannica.com/technology/computer/His-

tory-of-computing

Greenberg, A. (2019). Hackers are passing

around a megaleak of 2.2 billion records.

Wired. Retrieved from https://www.wi-

red.com/story/collection-leak-userna-

mes-passwords-billions/

Hubbard, J. C. & Forcht, K. A. (1998). Com-

puter viruses: how companies can pro-

tect their systems. Industrial Manage-

ment & Data Systems, 98(1), 12-16.

doi:10.1108/02635579810199708

Hunt, T. (2019). The 773 million record “Collec-

tion #1” data breach. Troy Hunt. Retrieved

from https://www.troyhunt.com/the-773-

million-record-collection-1-data-reach/

INEC. (2017). Hablando de Millennials. Qui-

to: INEC. Retrieved from http://www.

ecuadorencifras.gob.ec/documentos/web-

inec/Inforgraas-INEC/2017/millenials.

pdf

Insurance Journal. (2016). Cyber Bank Thie-

ves Stole $12M from Ecuador Bank in

2015, Using SWIFT System. Insurance

Journal. Retrieved from https://www.

insurancejournal.com/news/internatio-

nal/2016/05/24/409577.htm

International Telecommunication Union. (2012).

Internet of Things Global Standards Initia-

tive. ITU. Retrieved from https://www.itu.

int/en/ITU-T/gsi/iot/Pages/default.aspx

ISO/IEC 27000. (2018). ISO/IEC 27000:2018(E):

Information Technology - Security Techni-

ques - Information Security Management

Systems - Overview and Vocabulary. USA:

ISO/IEC. Retrieved from https://www.sis.

se/api/document/preview/80001198/

McKay, T. (2019). Ecuador Claims It’s Been

Hit with 40 Million Cyberattacks Sin-

ce Giving Up Julian Assange. Gizmodo.

Retrieved from https://gizmodo.com/

ecuador-claims-its-been-hit-with-40-mi-

llion-cyberattack-1834070219

Melissa Valeria Echeverria Joniaux; Melissa Andrea Garaycoa Walker; Aleksandar Tusev

Número 10 / ABRIL, 2020 (73-86)

Middleton, B. (2017). A History of Cyber Security

Attacks: 1980 to Present. Boca Raton, FL:

CRC Press.

Nachenberg, C. (1997). Computer virus-antivirus

coevolution. Communications of the ACM,

40(1), 46-51. doi:10.1145/242857.242869

Nakashima, E. (2016, February 17). Apple vows

to resist FBI demand to crack iPho-

ne linked to San Bernardino attacks.

The Washington Post. Retrieved from

https://www.washingtonpost.com/world/

national-security/us-wants-apple-to-

help-unlock-iphone-used-by-san-ber-

nardino-shooter/2016/02/16/69b903ee-

d4d9-11e5-9823-02b905009f99_story.

html

Nastiti, A. & Wimmer, A. (2015). Darknet, So-

cial Media and Extremism: Addressing

Indonesian Counterterrorism on the Inter-

net. Deutsches Asienforschungszentrum

Asian Series Commentaries, 30, 1-13.

Retrieved from https://www.academia.

edu/20813843/Darknet_Social_Media_

nad_Extremism_Addressing_Indone-

sian_Counterterrorism_on_the_Internet

Ng, E. S. & Johnson, J. M. (2015). Millennials:

who are they, how are they different, and

why should we care? The Multi-genera-

tional and Aging Workforce, 121-137.

doi:10.4337/9781783476589.00014

Palmer, D. (2019). PC security warning: That

out-of-date software is putting you at

risk. ZDnet. Retrieved from https://www.

zdnet.com/article/pc-security-warning-

that-out-of-date-software-is-putting-you-

at-risk/

Rad, B. B., Masrom, M. & Ibrahim, S. (2010).

Evolution of computer virus concealment

and anti-virus techniques: a short survey.

IJCSI International Journal of Computer

Science Issues, 7(6), 113-121.

Rajab, M. A., Ballard, L., Mavrommatis, P., Pro-

vos, N. & Zhao, X. (2010). The nocebo

effect on the web: an analysis of fake an-

ti-virus distribution. Login, 35(6), 18-25.

Retrieved from https://www.usenix.org/

system/les/login/articles/rajab.pdf

Redacción Economía. (2017, May 17). Cuentas

virtuales y servicios digitales son las nue-

vas tendencias que impulsa la banca. El

Telégrafo, pp. 1-2. Retrieved from https://

www.eltelegrafo.com.ec/noticias/econo-

mia/4/cuentas-virtuales-y-servicios-digi-

tales-son-las-nuevas-tendencias-que-im-

pulsa-la-banca

Rivadeneira, G. (2019, April 15). Ecuador ha

recibido 40 millones de ataques ciber-

néticos, revela viceministro de Tele-

comunicaciones. El Universo, pp. 1-2.

Retrieved from https://www.eluniverso.

com/noticias/2019/04/15/nota/7287215/

ecuador-ha-recibido-40-mil-

lones-ataques-ciberneticos-revela

Selim, H., Tayeb, S., Kim, Y., Zhan, J. & Pi-

rouz, M. (2016). Vulnerability Analysis

of Iframe Attacks on Websites. Proce-

edings of the The 3rd Multidisciplinary

International Social Networks Confe-

rence on SocialInformatics 2016, Data

Science 2016 - MISNC, SI, DS 2016.

doi:10.1145/2955129.2955180

Smith, A. (2017). Americans and Cybersecu-

rity. USA: Pew Research Center. Re-

trieved from https://www.pewinternet.

org/2017/01/26/methodology-183/

Threatcloud. (2019). Live Cyber Attack Threat

Map. Check Point. Retrieved from https://

threatmap.checkpoint.com/ThreatPortal/

livemap.html

Warner, M. (2012). Cybersecurity: A Pre-history.

Intelligence and National Security, 27(5),

781-799. doi:10.1080/02684527.2012.708

530

Williams, A. (2015, September 18). Move Over,

Millennials, Here Comes Generation Z.

The New York Times, pp. 1-7. https://

www.nytimes.com/2015/09/20/fashion/

move-over-millennials-here-comes-gene-

ration-z.html

ARE ECUADORIAN MILLENNIALS PREPARED AGAINST A CYBERATTACK?

Número 10 / ABRIL, 2020 (73-86)

Williams, J. (2014). What is anti-virus? OUCH!

Retrieved from https://www.rwu.edu/

sites/default/les/downloads/it/what_is_

anti_virus.pdf

Appendix 1. Pilot study and nal survey

Question # Question: Question Status

1 Age In the survey

2 Do you use the internet or email, at least occasionally? Deleted. Almost everyone uses it.

Would not provide new information.

3 How often do you use the internet? Deleted. Wouldn’t provide new infor-

mation.

4 Do you have a cell phone? Deleted. Felt too obvious.

5 Is your cell phone a smartphone such as an iPhone, Android, Black-

berry or Windows phone?

In the survey

6 What types of security measures do you have in place to lock your

phone?

In the survey

7 How frequently do you update your device’s operating system and

downloaded applications?

In the survey

8 Do you ever use a social networking site or an application such as

Facebook, Twitter or LinkedIn?

Deleted. Almost everyone uses at least

one of them.

9 Have you ever used your social media account information to log in

to another website or have you ever done so?

Deleted, felt too personal.

10 Have you ever installed an application to protect your smartphone

against viruses?

In the survey

11 Do you have online accounts of the following nature? In the survey

12 Have you ever decided not to use or not to create an account with

an online service provider due to worries of how your personal

information would be handled?

In the survey

13 Thinking about the following institutions, how condent are you

that your personal data will be safe from hackers or unauthorized

users?

In the survey

14 How do you keep a record of your passwords? Deleted

15 Have you ever experienced any of the following data thefts? In the survey

16 How do you keep your passwords safe? Deleted.

17 Do you use the same or similar passwords in your different ac-

counts?

Deleted, felt too invasive

18 Do you share your password with your friends or family? Deleted, people would not have answe-

red with honesty.

19 Do you use two factor authentication? Deleted, felt too invasive

20 Do you have any of the following worries about your passwords? In the survey

21 How do you feel your personal information has become in the last

ve years?

In the survey

22 Do you use public Wi-Fi networks in public places such as airports,

cafés, hotels or libraries?

In the survey

23 If you do, what websites do you visit while connected? In the survey

24 In the next 5 years, do you think a cyber-attack will occur? Deleted

Source: Pew Research Center (2017:30-42)

APPENDIX