• 基於多年為具備複雜資安需求之機構服務的深厚經驗，ESET 今日將其全球客製化服務正式升級為 ESET PRIVATE。
• ESET PRIVATE 旨在為大型企業和公共部門環境提供量身打造的客製化解決方案，實現規模化的網路韌性。
• 該解決方案陣容涵蓋高速威脅掃描、完全實體隔離（Air-gapped）環境資安、IT 與 OT 基礎設施防護、專屬威脅情資以及複雜的託管安全服務（MSS）。
• 在德國柏林舉辦的 ESET World 2026 大會上，與會者將能深入了解這一系列客製化解決方案所帶來的強大優勢。

布拉提斯拉瓦、柏林 — 2026 年 5 月 18 日 — 全歐最大網路安全廠商* ESET 今日宣布，將於 ESET World 2026 全球大會上首度亮相其 ESET PRIVATE 產品組合。

大型組織的基礎設施日益複雜，且面臨著嚴格的合規要求與不斷攀升的威脅。對他們而言，標準化的罐頭產品已不敷使用。為了確保營運不中斷，組織亟需一套能與其基礎設施無縫融合的客製化資安防護。

為了解決此痛點，ESET PRIVATE 專為複雜的企業與公共部門環境而設計，提供以諮詢為導向的客製化網路安全服務。其服務對象涵蓋全球龍頭企業、國防組織、關鍵基礎設施營運商以及政府機構等，能靈活適應各種嚴苛的要求與營運環境——即便面對極度重視數據在地化（Data Residency）與數位主權的環境亦然。

「作為標準 B2B 與企業產品組合的延伸，ESET PRIVATE 解決方案旨在滿足大型企業和政府機構的特定需求與情境，」ESET 通路營運與業務擴張副總裁 David Března 表示。「各個產業的客戶如今正從『購買技術』轉向『管理網路風險』，同時他們還必須應對瞬息萬變的地緣政治、數位架構以及工具與數據過載的挑戰。ESET 的角色正從傳統的技術供應商演變為戰略夥伴，我們交付的是契合每個組織業務、營運及法規情境的專屬資安解決方案。
因此，無論您是希望保護客戶免受釣魚詐騙的銀行、需要捍衛關鍵傳統 OT 技術的老牌製造商、亟需威脅情資來守護輸配電網的能源公司，還是追求超越單純數據儲存主權的政府機構，ESET 都能提供遠超乎大眾過去所熟知的強大能量。」

ESET PRIVATE（前身為 Corporate Solutions 企業解決方案）交付以下核心價值：

• 客製化設計與建構：ESET 專屬的工程師與架構師團隊與客戶緊密合作，調整、實施並擴展解決方案，以滿足其高階防護與營運需求。
• 模組化解決方案組合：客戶可根據自身需求，自由搭配與組合任何 ESET PRIVATE 的方案。
• 雲端或地端解決方案：提供彈性的部署選項，與客戶複雜的基礎設施和業務運作進行無縫整合。
• 顧問諮詢式方法：ESET 基於深厚的產業知識，提供專家級的戰略建議。
• 端到端（End-to-End）解決方案：ESET 提供長期的合作夥伴關係，並涵蓋持續性的解決方案生命週期管理。

憑藉超過 30 年的網路安全經驗與全球威脅情資，ESET PRIVATE 將 ESET 屢獲殊榮的產品與獨家核心技術、專家團隊相結合，提供強韌的數位安全與客製化解決方案。ESET 的多層次安全解決方案融合了 AI 力量與專家經驗，協助企業超越基礎的合規要求，並全面支援雲端及地端（On-premises）環境。

在 ESET World 2026 掌握更多資訊

ESET 將在其年度 ESET World 大會上向公眾展示 ESET PRIVATE。本屆大會匯聚了來自全球的網路安全專家，共同見證、體驗並探討 ESET PRIVATE 及其卓越的解決方案與服務，提供第一手的專業視角。

在眾多精采演講中，將有數場專門針對「高壓、高風險環境」的專題探討，由 ESET 頂尖專家主持並邀請業內享譽盛名的權威共同參與：

超越單一標準的安全：滿足高風險組織的獨特需求（Beyond One-Size-Fits-All Security: Meeting the Needs of High-Risk Organizations）
Juraj Malcho – ESET 科技長（CTO）
Martin Talian – ESET 企業解決方案長（Chief Corporate Solutions Officer）

隨著威脅的複雜度與破壞力與日俱增，標準化的通用防護已無法保護所有組織。某些組織運作於極度重視信任、韌性與自主控制權的環境中，需要截然不同的高階安全方法。

我們該如何保護在受限與自主環境中運行的系統？（How can we secure systems operating in restricted and autonomous environments?）
Patrik Pliesovsky: ESET 交付與部署總監

保護在受限環境中運作的系統正面臨前所未有的挑戰，尤其是當具備自主能力的 AI 代理（Agents）演進到無需人類干預即可獨立做出決策時。本專題將探討在設計適用於受限與自主系統之網路安全架構時的關鍵考量，並聚焦於如何在營運自主性與強韌的安全控制之間取得平衡——確保系統在孤立、資源受限或實體隔離（Air-gapped）的環境中，依體現系統完整性、持續性行為監控與卓越的韌性。

數位前線的網路防禦（Cyber Defense at the Digital Front lines）
Andrew Lee，ESET 政府事務副總裁
Mietta Groeneveld 上校，北約（NATO）指揮與控制卓越中心總監
Hans De Vries，歐盟網路安全局（ENISA）網路安全與營運長

本論壇匯集了高階資安專家，共同探討日益加劇的國家級網路侵略行為。這些敵對政權正逐漸忽視國際網路規範，頻繁進行間諜活動並攻擊關鍵基礎設施。隨著敵對勢力利用數位技術、發動具破壞力的網路攻擊，並開始槓桿 AI 技術，防禦者在捍衛公民自由與保護國民的同時，正面臨反制這場不對稱戰爭的複雜挑戰。

論壇將深入探討韌性戰略，檢視在持續衝突的時代下如何保護基本公共服務。最終，本場專題將解答防禦者如何在不犧牲自身極力守護的核心價值之前提下，穩固其數位前線。

戰略網路韌性：對抗國家級戰爭的新前線（Strategic Cyber Resilience: The New Front Line Against Nation-State Warfare，爐邊談話）
Thomas Hemker – Guter Hafen Cyber-Sicherheit 安全科技長兼網路風險顧問
Mietta Groeneveld 上校，北約（NATO）指揮與控制卓越中心總監

隨著國家級行動者模糊了網路戰與網路犯罪之間的界線，採用精密的 AI 驅動戰術瞄準供應鏈與關鍵基礎設施，傳統以防禦為導向的安全模型已相形見絀。業界對先進、具備韌性的安全架構之需求從未如此迫切。本論壇將討論如何將「網路韌性」視為現代國防戰略的基石，將網路安全從成本中心轉化為競爭優勢。

請前往線上註冊並觀看本屆於德國柏林 JW 萬豪酒店舉行的盛大年會（活動時間為 5 月 19̶20 日）。

*根據 Frost Radar™: Endpoint Security, 2025 (Frost & Sullivan) 報告評選，ESET 為全歐洲最大的網路安全供應商。

了解更多關於 ESET PRIVATE 的詳細資訊。

閱讀更多關於 ESET PRIVATE 工業安全如何解決製造業傳統運作技術（OT）安全痛點的專題文章。

• A new Android scam, CallPhantom, falsely claims to provide access to call logs, SMS records, and WhatsApp call history for any phone number in exchange for payment.
• We identified and reported 28 separate CallPhantom apps on Google Play, cumulatively downloaded more than 7.3 million times.
• Some CallPhantom apps sidestep Google Play’s official billing system, complicating victims’ refund efforts.

BRATISLAVA, KOŠICE — May 7, 2026 — ESET researchers have uncovered fraudulent apps on Google Play that claim to provide the call history “for any number.” The offending apps, which ESET named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number. To unlock this supposed feature, users are asked to pay — but all they get in return is randomly generated data. ESET’s investigation identified 28 such fraudulent apps, cumulatively downloaded more than 7.3 million times. As an App Defense Alliance partner, we reported our findings to Google, which removed all of the apps identified in this report from Google Play. 

The CallPhantom apps mainly targeted Android users in India and the broader Asia Pacific region. Many of the apps came with India’s +91 country code preselected, and support UPI, a payment system used primarily in India.

“In November 2025, we came across a Reddit post discussing an app named Call History of Any Number, found on Google Play. Unsurprisingly, our analysis showed that the ‘call history’ data provided by this app is entirely fabricated — the app generates random phone numbers and matches them with fixed names, call times, and call durations, which were embedded directly in the code,” says ESET researcher Lukáš Štefanko, who uncovered the CallPhantom fraud.

In general, CallPhantom apps have a simple user interface and do not request any intrusive or sensitive permissions — they don’t need to. Coincidentally, they do not contain any functionality capable of retrieving actual call, SMS, or WhatsApp data.
In the CallPhantom apps ESET analyzed, researchers saw three different payment methods used, two of which are in violation of Google Play’s payments policy. Some of the apps relied on subscriptions via Google Play’s official billing system. Others relied on payments via a third party; in some cases, payment card checkout forms were included directly in the CallPhantom apps.

The fees requested for the fake service differ widely across the apps. The apps also appear to offer different subscription packages, such as weekly, monthly, or yearly services, with the highest requested price sitting at US$80. For the lowest “subscription tier,” the average requested price was €5.

In general, subscriptions purchased through the official Google Play billing system can be canceled. For the 28 apps described in this blog post, existing subscriptions were canceled when the apps were removed from Google Play. In some cases, refunds for Google Play purchases are possible.

If the purchase was made outside of Google Play — for example, by entering payment card details inside the app or by paying via third-party services — then Google cannot cancel the subscription or issue a refund, and users have to contact their payment provider.

For a more details about CallPhantom, check out the latest ESET Research blog post, “Fake call logs, real payments: How CallPhantom tricks Android users,” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

Examples of CallPhantom apps found on Google Play

SAN DIEGO & TORONTO — April 16, 2026 — ESET, a global leader in cybersecurity, today released its 2026 SMB Cyber Readiness Index – North America edition. This new report surveyed hundreds of small and medium-sized businesses (SMBs) from across the United States and Canada to uncover new insights into their cyber resilience, incidents and reporting, perceived threats, and investments – while analyzing the current appetite for managed services, cyber insurance and AI-powered applications.

In this new report, 87% of U.S. and 83% of Canadian SMBs said that they feel slightly to very confident that their business is cyber resilient. Across both countries, cyber resilience confidence rose to 91% and 88%, respectively, for businesses that had more than one cyber incident in the last year (over businesses that had zero or one incident during that timeframe). Across both regions, about half of respondents (47% in the U.S. and 52% in Canada) said that they don’t expect a change in cybersecurity budget this year.

“SMBs in the U.S. and Canada are entering a new phase of cybersecurity where attacks are becoming the new norm and an expected part of business operations,” said Tony Anscombe, Chief Security Evangelist at ESET. “We’ve seen significant shifts in how SMBs perceive today’s risks and how they prepare for them, relying more on cyber insurers to provide cybersecurity services and as a core part of their resilience strategy. While SMBs are worried about headline catching AI‑driven threats, most breaches are still a result of social engineering coupled with human error – including phishing, credential compromise and third party/supply chain risk.”

In order to manage cyber-attacks, SMBs are increasingly including cyber insurance in their resilience strategies to ensure compliance, financial stability and peace of mind when incidents occur. Today, 86% of U.S. SMBs carry cyber insurance, with over half deploying specific security controls (e.g., MFA, IAM, EDR/MDR) as part of their coverage conditions. Canadian SMBs only trail slightly with 78% carrying cyber insurance. In both countries, respondents who have had more than one incident are more likely to carry insurance.

On the AI front, Canadians are more cautious about the deployment of new AI applications than their U.S. counterparts. 69% of Canadian respondents said that they are integrating AI applications into their organization compared to 81% of U.S. respondents.

The 2026 Index surveyed 700 cybersecurity decision-makers across U.S. and Canadian organizations with 25 to 1,000 endpoints, uncovering new insights into SMB cyber readiness, incident response, cybersecurity tools and management, insurance and compliance, AI strategy, and more. Here are some additional highlights from the report released today:

“Perception vs. Reality”: Are SMBs worried about the right threats? 

• SMBs across the U.S. (32%) and Canada (34%) say AI-powered malware is their top concern for the year ahead, a signal of how dominant AI has become in headlines and boardroom conversations.
• But the actual causes of breaches paint a very different picture. In the U.S., the leading drivers of cyber incidents remain phishing (27%), lack of security monitoring (27%) and unpatched security vulnerabilities (25%). In Canada, attacks most often stem from phishing (21%), weak passwords (20%), and insufficient security monitoring (20%).
• Meanwhile, one of the most consequential risks, supply chain compromise, barely registers among SMBs’ top concerns in the survey, ranking eighth (17%) among U.S. respondents and 10th (16%) for Canadians – despite the potential for widespread downstream impact.
• Finally, 82% of U.S. and Canadian SMBs agree that cyber warfare and global conflict pose a real threat to their business, underscoring how interconnected today’s risks are.

Cyber insurance is influencing security behavior

• Incident experience is a major driver of cyber risk insurance adoption: 95% of U.S. and 92% of Canadian SMBs that suffered multiple incidents carry insurance, compared to 77% of U.S. and 68% of Canadian businesses with no incidents.
• In both markets, insurers are playing a more direct role in shaping security posture: 55% of insured U.S. SMBs and 41% of insured Canadian SMBs are required to implement specific controls, often involving continuous monitoring or MDR‑style services, as a condition of coverage.
• Of SMBs surveyed, 16% U.S. and 19% of Canadian respondents say that they outsource some or all of their cybersecurity. Of the U.S. companies that outsource, 35% of SMBs now outsource security to a cyber insurer offering MDR, 21% use an MDR vendor, 17% rely on an MSP/MSSP with MDR, and 27% still use a traditional MSP.
• Of the Canadian companies who outsource, 27% of SMBs now outsource security to a cyber insurer offering MDR, 8% use an MDR vendor, 27% rely on an MSP/MSSP with MDR, and 38% still use a traditional MSP.

Anscombe noted, “In cybersecurity, diversity is necessary to achieve a resilient ecosystem. While it’s heartening to see SMBs adopt cyber risk insurance, there needs to be greater awareness of potential monoculture issues as North American cyber insurers that provide managed services typically offer a limited choice of services and products. In fact, 72% and 66% of US and Canadian businesses respectively are concerned with the implications of single vendor ecosystems (i.e., security monocultures).”

Confidence rising meets increasing attacks

• Even as confidence rises, cyberattacks remain widespread across the U.S. and Canada, reinforcing the sense that cybersecurity incidents are now an inevitable part of doing business.
• In the U.S., 54% of SMBs experienced an incident in the past 12 months, including 22% who faced multiple breaches. Canada shows a similar trend, with 46% reporting at least one incident and 12% experiencing more than one. These numbers highlight how frequently SMBs are being targeted and successfully compromised, despite increased awareness and stronger budgets.
• This growing prevalence is shaping how SMBs think about risk, pushing many to build processes that assume disruption rather than hope to avoid it altogether. In fact, organizations with multiple incidents show the highest confidence levels. In the U.S., 52% of those with repeat incidents (and 42% of Canadians) identify as “very confident,” compared to firms with only one or no incidents.
• These repeatedly targeted organizations also report the strongest budgets, with 45% of U.S. SMBs in this category describing their cybersecurity funding as “more than sufficient” and expecting additional investment increases. Canadian firms were less enthusiastic with their budget – with 25% identifying their budgets as “more than sufficient.”
• Finally, cybersecurity confidence does not always correlate with company size in the United States. Larger U.S. SMBs (500–1,000 endpoints) are less likely to deploy advanced, proactive measures such as threat detection and response (24%) than smaller SMBs (34%), indicating that operational complexity may be outpacing modernization efforts even as confidence rises.

SMBs are still investing in awareness & training

• Across both the U.S. and Canada, cyber awareness training emerges as the top investment priority for the year ahead, reinforcing the reality that human error remains the most exploited weakness in today’s attacks.
• Over 90% of SMBs in both countries say training is “critical” or “very important,” with 42% of U.S. SMBs and 43% of Canadian SMBs planning to increase these investments in the next 12 months—making it the leading budget category in both markets.
• Nearly half of SMBs now go beyond basic training: 44% of U.S. organizations and 47% in Canada use structured programs that include phishing simulations, a shift likely driven by rising concern over AI‑driven phishing techniques and deepfake‑enabled impersonation threats.
• This emphasis on strengthening the human layer aligns closely with incident data, as phishing remains a top cause of breaches (27% in the U.S., 21% in Canada), underscoring why SMBs continue to invest heavily in awareness, behavior change, and simulation‑based resilience.

“Confidence is growing, but the reality is that most breaches still come from preventable issues like phishing, weak passwords, and monitoring gaps,” said Anscombe. “If cyberattacks are the new normal, then getting the fundamentals right matters more than ever.”

ESET’s 2026 SMB Cyber Readiness Index surveyed 700 cybersecurity decision‑makers across the United States and Canada in industries such as manufacturing, construction, healthcare, retail, telecommunications, transportation, and more. This included 500 respondents from the United States and 200 from Canada with 25 to 1,000 endpoints. Notably, 67% of U.S. respondents and 51% of Canadian respondents were their company’s primary decision makers for cybersecurity.

For media who would like to see the SMB data or to set up an interview, please reach out to pr@eset.com.

• Showcased at RSAC 2026, ESET’s upcoming AI security features will protect the full AI conversation flow by scanning both prompts and responses to reduce data exposure and compliance risks.
• Built as browser security features, they will shield against malicious links, scripts, and content generated by LLMs and prevent upload of sensitive and confidential data into public AI systems.
• ESET also presented its new endpoint security capabilities designed to secure personal AI assistants from AI supply chain attacks while creating a free, public ESET AI Skills Checker to detect risky and malicious behavior of AI skills before deployment.