Bruce Schneier asks why anyone thought it couldn’t be – everyday employees will infect company machines despite blatant warnings not to. As part of a social engineering experiment, employees of an IT training company handed out CDs containing a purported Valentine’s Day surprise. Despite obvious warnings about the dangers of third-party software and the potential violations involved in dropping the CD into company machines, several financial services firms’ employees tried anyway.
I have to ask, would the outcome have been any different if you only targeted independent contractors using their own hardware? The “creative class” doesn’t have to sit in a windowless cubicle all day, which is why I think the original experiment is somewhat skewed – they handed the CDs to obviously pissed off drone workers.