Feeds

Memory sticks top security concern for firms

But most have no safeguards in place

New hybrid storage solutions

Removable media devices are now seen as the biggest security threat to corporate security, and yet 80 per cent of firms don't have safeguards in place.

That's according to a new study from Centennial Software which claims that four out of five firms have failed to implement effective measures to protect against the threat that such devices can pose.

Centennial's annual "Security Attitudes Survey 2007", which surveyed more than 370 mid and senior level IT managers attending the Infosecurity Europe expo in London, indicates that 38.4 per cent of respondents rank removable media devices such as USB memory sticks and MP3 Players, as the number one security issue facing their organisation.

This marks the first time that respondents have rated removable media devices above other common security threats such as viruses and malware/spyware.

Overall, 23.7 per cent of respondents who cited internet viruses as their biggest security concern, while 22.3 per cent said malware/spyware was the biggest threat to corporate security.

While IT managers are increasingly aware of the risks posed by removable media devices, it seems that few have implemented safeguards yet. This is despite a raft of recent media stories surrounding insider data theft using removable media.

According to the study, 43 per cent of those questioned have no controls whatsoever in place to manage removable media devices, while 27.4 per cent leave it to individual manager's discretion. Just 8.6 per cent of respondents have taken the drastic step of introducing a company-wide ban on the use of removable media devices.

In addition, 16.4 per cent use endpoint security software to manage potential risks effectively.

The study reveals that there has been a nine per cent rise in the number of companies who include references to removable devices in their acceptable use polices. However, respondents noted that use of USB memory sticks in particular, has almost doubled in the past year from 36.3 per cent in 2006 to 65.6 per cent this year and Centennial warns that companies need to do more to protect themselves.

"It's long been recognised that human error leads to the majority of information security problems," said Matt Fisher, vice-president at Centennial. "Leaving the use of removable devices at the discretion of staff exacerbates the risks posed by these devices - especially when a minority of employees may have reasons for wanting to steal or compromise data.

"A larger proportion of companies than last year said they had no controls for managing removable devices in place - 43.3 per cent versus 38.5 per cent last year. This is an alarming trend; if organisations recognise the risks of data loss, theft and damage from USB sticks, smartphones and MP3 players, they need to take action to manage the threat and protect their data," added Fisher.

A similar study carried out by business advisory firm Deloitte last July which indicated a 50 per cent rise in security breaches, found that almost half of all incidents originated internally, which the firm said was unsurprising given the increased popularity of portable media devices.

Copyright © 2007, ENN

Secure remote control for conventional and virtual desktops

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.