This notebook was left unattended for about 10 minutes. An attacker prepared for this kind of attacker would need approximately 10 seconds for inserting a USB stick and installing a rootkit. When working in external environments employees should never leave their notebook unattended for more than 5 minutes, depending on the security level of the data stored on it. In some cases there is really no excuse to leave the notebook unattended. When leaving the working place for short periods of time, f.e. getting a coffee, the OS should always be locked to prevent unauthorised access. However, be aware, that there are also attacks possible on locked screens.