Ransomware: How would employees in Swiss companies behave?
How defensible are companies when they are targeted by ransomware? The Swiss IT service provider advact itself staged an attack on 42 Swiss companies to get to the bottom of the question.
The global attack with the WannaCry malware is still making headlines and once again demonstrates the impact of extortion software. Even though the focus of WannaCry is strongly on automatic spreading by exploiting a vulnerability in Windows, many infections with WannaCry - as is usual with ransomware - take place via email. Switzerland currently appears to be relatively unaffected by the attacks. But what would happen if Switzerland became the focus? How would employees behave here? Between May 8, 2017 and May 12, 2017, the IT service provider advact sent a ransomware email to a total of 21,662 employees from 42 different Swiss companies in agreement with the participating companies and evaluated their reaction. In 41 companies, at least one employee opened the email attachment contaminated with potential ransomware. A total of 1,803 people executed the malware in the attachment, according to the company. This means that these people could also have been infected with WannaCry, for example. This corresponds to 8.3% of all email recipients. The following - anonymized - list shows the opening behavior of the tested companies:
Of course, all employees were informed about the test after the evaluation. Through the experience and the education, participants were able to learn to see through attack mechanisms more quickly and to react correctly in an emergency. The attachment benchmark described above thus offered much more than just a company comparison. Security exercises of this kind are also a fixed component of advact's awareness-raising offering.
Further information can be found at: http://www.advact.ch
