• United States



by Dave Gradijan

USB Drives Threaten Corporate Data

Jun 28, 20062 mins
CSO and CISOData and Information Security

In a test of network security by New York-based security audit firm Secure Network Technologies at a local credit union, 15 out of 20 scattered USB drives were found and subsequently plugged into computers by employees, The Register reports.

According to Steve Stasiukonis, vice president and founder of Secure Network Technologies, the test confirmed that employees play a key role in a company’s security and that many workers still do not understand the danger of USB drives.

While many companies focus on malicious viruses and trojans that are e-mail based, the article states that USB keys have become a popular way to sneak data out from companies.

Almost 37 percent of businesses surveyed by the Yankee Group in 2005 blamed USB drives for contributing to the disclosure of company information. Nearly two-thirds of the leaks resulted in some disruption to the business units involved, according to the analyst firm.

After analysts flagged iPods as a potential threat, corporate security professionals looked at all removal storage with more suspicion, Vladamir Chernavsky, CEO of AdvancedForce InfoSecurity Solutions, told the Register. Yet, because USB drives are easy to use and extremely portable, they have become perhaps the most popular choice for transporting modest amounts of data.

The twin lures of curiosity and utility, in the end, make USB drives a powerful Trojan horse, Secure Network Technologies’ Stasiukonis told the Register.

“Social engineering is always the easiest way to compromise a network, because people are typically very friendly and trusting,” he said.

Compiled by Paul Kerstein

For more information on USB drives and iPods, read Attack of the iPods!

Keep checking in at our Security Feed for updated news coverage.

Or subscribe via RSS.