Cybersecurity Awareness Education by Making Ransomware Tangible Securely

Cybersecurity Awareness Education by Making Ransomware Tangible Securely

연구 분야: Safety

학회: International Conference on Innovations for Community Services

Phishing techniques under the Massachusetts Institute of Technology Research and Engineering (MITRE) ATT&CK Framework, along with their offshoots Smishing, Spearphishing, and Whaling, remain prevalent despite widespread security awareness, facilitating ransomware attacks that encrypt data for impact. Ransomware threats expand from single to triple extortion, combining data encryption with threats of auctioning stolen data and launching Distributed Denial of Service (DDoS) attacks. Europol’s Internet Organised Crime Threat Assessment (IOCTA) 2024 underscores the persistent risk of ransomware, a danger often underestimated by organizations. This research examines the security awareness gap, as typical end users and staff engaged in Information Technology (IT) rarely face ransomware incidents or gain hands-on experience with incident response. To address this gap, a safe, playful, and controlled environment enables trainees to interact with ransomware securely while exploring the encryption process and incident response strategies. A new research design assesses security awareness, with findings analyzed in the context of a walkthrough room named CONTAIN on TryHackMe, supported by a longitudinal study. The document concludes with a summary of results and recommendations for future work.