This awareness module concerns what happens after a serious malware infection, as the incident unfolds.  The undeniable fact is that preventive controls are fallible, hence malware incidents occur.  Ransomware, in particular, is an increasing malware threat with consequences for incident and business continuity management. 
 
Our other malware awareness modules have covered novel forms of malware that were emerging issues at the time – multifunctional malware, Advanced Persistent Threats, bank Trojans, ransomware and cryptocurrency miners being recent examples. 
 
As with almost all of the security awareness topics, and information security in general, our primary concern to date has been to help organisations avoid and prevent incidents, reducing the probability of occurrence. This time around, however, we took a different tack with malawareness, exploring what happens after malware incidents occur - what can/should be done to reduce the business impacts of those incidents and, ideally, to reduce the possibility of future incidents by learning the hard lessons.
 
The nice thing about security awareness is that we also get to learn the soft lessons, benefiting from others’ misfortune.  Specifically, we used the Travelex ransomware incident as a case study to illustrate the awareness materials, along with those experienced previously by Norsk Hydro, Sony and many others.  We consciously avoided blaming them for failing to avoid or prevent the incidents: they are, after all, the victims of these attacks, not the perpetrators.  As far as we know, their information security arrangements were in line with current practice, not exceptionally insecure, lax or incompetent … but that’s the crux of it: current practice is inadequate. We can, or rather must do better!  Since we can't totally block malware infections, we must be ready to handle incidents efficiently and effectively. Awareness is a critical part of the control.