Search Background

Get instant support with our search!

USB Attack Simulation

User Avatar
Jessica Higgins

Updated

What it is...

The USB Awareness Simulation tool is designed to help organisations identify and mitigate one of the most overlooked insider threats: plugging in untrusted USB devices. It simulates real-world USB drop attacks in a controlled and safe way, giving security teams visibility into employee behaviour and raising awareness about the associated risks.

How it works...

  • Create a New Simulation

    • Go to the platform and click Create New.

    • Enter a Simulation Name and Description.

      Tip: Include where you plan to leave the USB, e.g. “Reception – Visitor Area”.

  • Choose File Type

    • Select the type of file you want to simulate: Word or Excel.

  • Name the File

    • Give the file a name that might entice someone to open it, e.g. “Salary_Increase_2025.xlsx” or “Staff_Bonuses.docx”.

  • Save & Download

    • Click Save & Download Simulation.

  • Prepare the USB

    • Save the downloaded file onto a USB stick. (⚠️ Note: We do not provide USB sticks.)

  • Deploy the USB

    • Drop the USB in a staff-accessible area where you want to test user behaviour, e.g. a shared workspace, kitchen or reception area.

  • User Interaction & Training

    • If someone opens the file, they will be immediately presented with training designed to reinforce secure behaviour.

  • View Results

    • Return to the platform and click View Report next to your simulation.

    • The report will show:

      • Number of interactions

      • IP addresses

      • Device types used to open the file

Why it matters...

  • Proactive Defence: Identify if employees are vulnerable to USB-based social engineering attacks before real threats occur.

  • Awareness Building: Make the dangers of plugging in untrusted USBs tangible and memorable.

  • Improved Security Posture: Reduce risk from a common attack vector not typically addressed by standard phishing simulations.

Key Benefits

  • Increased Awareness: Employees experience firsthand why unknown USB drives can be dangerous.

  • Targeted Training: Focus your cyber security education where it’s needed most - on those who interacted with the USB.

  • Reduced Incidents: Real-world simulations translate to improved caution and fewer breaches.

Back to all articles