Feeds

Memory sticks top security concern for firms

But most have no safeguards in place

Next gen security for virtualised datacentres

Removable media devices are now seen as the biggest security threat to corporate security, and yet 80 per cent of firms don't have safeguards in place.

That's according to a new study from Centennial Software which claims that four out of five firms have failed to implement effective measures to protect against the threat that such devices can pose.

Centennial's annual "Security Attitudes Survey 2007", which surveyed more than 370 mid and senior level IT managers attending the Infosecurity Europe expo in London, indicates that 38.4 per cent of respondents rank removable media devices such as USB memory sticks and MP3 Players, as the number one security issue facing their organisation.

This marks the first time that respondents have rated removable media devices above other common security threats such as viruses and malware/spyware.

Overall, 23.7 per cent of respondents who cited internet viruses as their biggest security concern, while 22.3 per cent said malware/spyware was the biggest threat to corporate security.

While IT managers are increasingly aware of the risks posed by removable media devices, it seems that few have implemented safeguards yet. This is despite a raft of recent media stories surrounding insider data theft using removable media.

According to the study, 43 per cent of those questioned have no controls whatsoever in place to manage removable media devices, while 27.4 per cent leave it to individual manager's discretion. Just 8.6 per cent of respondents have taken the drastic step of introducing a company-wide ban on the use of removable media devices.

In addition, 16.4 per cent use endpoint security software to manage potential risks effectively.

The study reveals that there has been a nine per cent rise in the number of companies who include references to removable devices in their acceptable use polices. However, respondents noted that use of USB memory sticks in particular, has almost doubled in the past year from 36.3 per cent in 2006 to 65.6 per cent this year and Centennial warns that companies need to do more to protect themselves.

"It's long been recognised that human error leads to the majority of information security problems," said Matt Fisher, vice-president at Centennial. "Leaving the use of removable devices at the discretion of staff exacerbates the risks posed by these devices - especially when a minority of employees may have reasons for wanting to steal or compromise data.

"A larger proportion of companies than last year said they had no controls for managing removable devices in place - 43.3 per cent versus 38.5 per cent last year. This is an alarming trend; if organisations recognise the risks of data loss, theft and damage from USB sticks, smartphones and MP3 players, they need to take action to manage the threat and protect their data," added Fisher.

A similar study carried out by business advisory firm Deloitte last July which indicated a 50 per cent rise in security breaches, found that almost half of all incidents originated internally, which the firm said was unsurprising given the increased popularity of portable media devices.

Copyright © 2007, ENN

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.