The Pentagon last week conceded that a USB flash drive carried an attack program inside a classified U.S. military network. Could your company be next?
Every day, flash memory devices are connected to business networks, posing a threat for which few companies are prepared.
The U.S. military recently underscored the problem in confirming that a 2008 attack on its systems originated with a flash drive plugged into a military computer located in the Middle East. The attack served as a wake-up call to the Pentagon, which responded by banning USB flash drives for more than a year. The ban was lifted earlier this year.
Few companies have locked down their systems against devices that can be used to steal data or infect networks from behind the perimeter. Earlier this year, a variant of an attack program known as Stuxnet used USB and other methods to spread among power companies, stealing information on the configuration of their sensitive operational networks.
Panda Security recently reported that 32% of small and midsize businesses cite USB flash drives and other external memory devices as the vector for viruses that infected victims. Almost half of all U.S. companies have been infected by a virus via a USB flash drive.
An employee who takes work home by loading it onto a USB flash drive could lose the device, exposing potentially valuable data. That raises a question: Is the threat posed by the device or by data on the device?
In a recent Ponemon Institute survey of IT security and operations managers, funded by Lumension, nearly 60% of respondents rated technology to control USB and other devices as important or very important, while 57% gave a similar rating to data-loss prevention technologies. However, antivirus and anti-malware technologies, whole-disk encryption, application controls, patch management, and IT asset management were all rated as more essential.
Employee education is part of the fight to secure companies against such mobile devices. In addition, encryption, role-based authentication, and data-loss protection can all help reduce the threat.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024