Assessing Ransomware Mitigation Strategies in Swedish Organizations: A Focus on Phishing Emails

Liedgren, Johan, von Bonsdorff, Felix

January 2023

Ransomware has been a growing threat to today's organizations, with irreparable damages and billions of dollars lost, it is crucial for organizations to implement mitigation strategies that can counter these attacks. With phishing attempts being the primary attack vector, it is evident that organizations need to implement the best practices in order to avoid the consequences. Thus, this study addresses the question “How do the actual ransomware mitigation strategies implemented by Swedish organizations compare to the best practices suggested in literature, with a focus on phishing emails as a common means of ransomware transmission?” The study was conducted by utilizing semi-structured interviews and interviewing five participants that work or have worked as IT-security consultants which are then summarized and analyzed with a thematic analysis approach. Seven relevant themes and fifteen sub-themes were introduced and analyzed in order to answer the proposed research question: attack vector, security awareness training, technical solutions, challenges of solutions, frameworks, evolution and keeping yourself updated. All participants were contacted via Linkedin and the interviews were done virtually via Zoom. The findings of this study shows that Swedish organizations utilize a minimal amount of ransomware mitigation strategies due to the lack of resources, care and overall awareness regarding the topic. According to the interviewed participants, basic forms of technical solutions and administrative solutions are mostly implemented, however they are a lacking form of medium and can generally be bypassed easily. The primary factors that were brought up and introduced was security awareness training and technical solutions. Essentially, it all boils down to employee’s incompetence and lack of security awareness. No matter how many technical solutions that are implemented within an organization, if an employee is not aware that they shouldn’t click on malicious links, an infection might spread.

Ransomware

ransomware mitigation

phishing

phishing emails

malware prevention strategies

Computer Sciences

Datavetenskap (datalogi)

Nappar ditt företag på falskt bete? : En undersökning om hur små- och medelstora företag i Sverige skyddar sig mot phishing-mejl.

Hägg, Filip, Johansson, Filip

January 2023

Mängden phishing-mejl har ständigt ökat under de senaste åren, i synnerhet mot företag och organisationer. Syftet med denna studie är att undersöka hur små- och medelstora IT-mogna företag (SMF:er) i Sverige skyddar sig mot phishing-mejl, deras största utmaningar med detta, och hur de upplevt att deras utsatthet förändrats under de senaste åren. Genom denna undersökning har brister i hur SMF:erna skyddar sig identifierats och säkerhetsåtgärder som hanterar SMF:ernas utmaningar tagits fram. Data samlades in genom både litteraturstudie och semistrukturerade-intervjuer med sju respondenter från enskilda företag, där samtliga hade ansvar för någon del i informationssäkerhetsarbetet. Resultatet visar att verksamheterna skyddar sig främst genom att sprida information, medan enbart en minoritet av respondenterna utbildar sina anställda. Ingen av respondenterna hade någon policy som berör hantering av phishing, och användandet av grundläggande tekniska skydd är något som var en gemensam nämnare. Gällande utmaningar visar resultatet främst en svårighet i att upprätthålla medvetenheten bland de anställda, samt att identifiera vilka tekniska skyddslösningar som ska anpassas. Majoriteten av respondenterna upplever även en ökad utsatthet av phishing-mejl, vilket de flesta också tror kommer att öka i framtiden. Med den insamlade data från intervjuerna och befintlig litteratur har sedan en rekommendationslista med säkerhetsåtgärder tagits fram som bemöter de utmaningar som SMF:erna belyser. / The number of phishing emails has been constantly increasing in recent years, especially towards businesses and organizations. The purpose of this study is to investigate how small and medium-sized IT-mature enterprises (SMEs) in Sweden protect themselves against phishing emails, their biggest challenges regarding this, as well as how they perceive that their exposure to phishing emails has changed in recent years. Through this study, gaps in how SMEs protect themselves have been identified and as a result, a list of security measures that address the SMEs' challenges have been produced. Data was gathered by conducting a literature study in conjunction with semistructured interviews with seven respondents, all whom where from individual companies and had some responsibility for the information security work. The results show that all SMEs rely on information sharing as their primary method of protection against phishing emails, while only a small proportion invest in employee education. In addition, the SMEs use only basic technical security solutions and none of them have any dedicated policy for managing phishing. Regarding challenges, the results mainly show difficulties in maintaining awareness among employees and identifying which technical security solutions that should be adapted. Furthermore, most of the respondents perceive that the exposure to phishing emails has increased and believe it will continue doing so in the future. With the collected data from the interviews and the literature study, a list of recommended security measures has compiled which addresses the challenges highlighted by the SMEs.

phishing

phishing-emails

social engineering

social awareness education

information security

phishing

phishing-mejl

social engineering

medvetenhetsutbildning

informationssäkerhet

Computer and Information Sciences

Data- och informationsvetenskap