This is a recurring theme in the information security world. The plague of the USB drive. While functional and incredibly handy to have it exposes an enterprise to numerous risks. Recently the company Secure Network Technologies left 20 USB drives with a password stealing trojan around the office of a company that was being auditted. 15 of the devices were attached to computers and the wee beasties went to work.
The test confirmed that employees play a key role in a company’s security and that many workers still do not understand the danger of USB drives, said Steve Stasiukonis, vice president and founder of Secure Network Technologies.
“Most companies know that USB devices are a problem,” he said. “But to them it’s a potential issue. They haven’t heard about a lot of people being exploited by such techniques.”
There have been cases of US military information on USB drives ending up in bazaars, iPods as drives to ferret away information, and now we see VoIP providers offering softphones on USB keys.
It’s no surprise, then, that USB keys have become a popular way to sneak data out from companies. Almost 37 per cent of businesses surveyed by the Yankee Group in 2005 blamed USB drives for contributing to the disclosure of company information. Nearly two thirds of the leaks resulted in some disruption to the business units involved, according to the analyst firm.
That being said you can spend a fortune to lock down your systems using software from some security company or you just change a registry setting. Here is a quick and easy post that I wrote on my blog May 1st that discusses how to disable USB storage devices via a simple registry change.
[tags]USB Storage, USB Devices, USB Security, iPod, Data Security, Data Leaks, USB Drives, Insider Threat[/tags]