As human beings, we are naturally curious and helpful. This positive fact also entails a risk for your organisation: USB-dropping.
Within your organisation, you will certainly still be using USB sticks. However, the risk is that a USB stick with malicious software will damage the systems within your organisation. With usb-dropping, we leave one or more usb-sticks behind in your organisation. We then monitor whether your employees insert these USB sticks into their computers and open files. Of course, these files are not harmful in this ‘simulation’. This gives you a real insight into the dangers your organisation faces, without having to suffer the consequences.
USB drop attacks are not limited to the victim’s device. An entire computer network can be affected. A well-known example is a harmful programme called Stuxnet. This is a computer worm that was able to spread through the network of Iranian uranium enrichment centres via an infected USB stick.
The government of the United States has also been a victim of USB-dropping. In 2008, an infected USB stick was put in a military laptop in the Middle East. Unnoticed, the code spread through classified documents, among other things, which were eventually forwarded to servers in foreign hands. It just proves that it can happen to even the most powerful organisations. Many organisations still believe that it will not happen to them. However, when you have personal data, you are always of interest to a criminal.
What to do after a usb-dropping campaign?
Your employees are the front line in your defence mechanism. With the right knowledge, you can arm your organisation against attacks from criminals. The world of cybercrime is developing rapidly and your employees should be aware of the dangers. Through cybersecurity awareness training, possibly in combination with a phishing simulation, your organisation will be optimally prepared against attacks.