While the WannaCry ransomware variant spread like wildfire across the globe, employees sat at their desks, blissfully unaware of what was happening.
Or, at least some people were.
A recent survey conducted by Wombat, shows that only 37% of Americans and 42% of Brits were able to accurately explain what ransomware is. They boil these numbers down to 4 out of every 10 people won't be able to tell you what ransomware is.
You'll have to take the study with a grain of salt, because it was completed within 24 hours of the first round of notifications following the WannaCry disaster.
Still, did a lack of awareness contribute to the rapidfire spread of the malware, and the lack of security updates in the first place?
But we can hope, maybe foolishly, that the general population is now much more familiar with cyber crime. However, these answers for what malware is are pretty amusing:
We should especially hope for the best in terms of a heightened security awareness, after CheckPoint recently disclosed that either WannaCry or Fireball infected a fourth of the world's companies.
Below are the top ten malware variants for the month of May (according to CheckPoint's Global Threat Impact Index), with arrows indicating their change in position from the previous month:
"The findings show that the threat of ransomware is not going away. Organizations need to remember the financial impact from an attack goes far beyond the initial incident. Restoring key services and repairing reputational damage can be a very long and expensive process. Organizations in every industry sector need a multi-layered approach to their cybersecurity," says the Global Threat Impact Index report.
CheckPoint also broke down their index globally, with countries in red highlighting high-risk areas:
Interestingly, the top 5 countries hit the hardest by WannaCry were Russia (overwhelmingly), Ukraine, India, Taiwan, and Tajikistan according to Kaspersky Labs.
However, these countries weren't necessarily the most vulnerable, according to the map above.
Even if countries, companies, and individuals were able to accurately describe the threats they're facing (whether they know it or not), that doesn't mean they'll be able to have a proper defense plan in place.
"To drive true and lasting behavior change, employee education programs must include regular delivery of both awareness and training activities. When organizations consider the implications of end-user-driven risks, they should also consider the opportunities to mitigate these risks and create a workforce that has the knowledge to make informed choices and has the ability to be part of the solution rather than part of the problem," the Wombat report concludes.
