Feeds

Memory sticks top security concern for firms

But most have no safeguards in place

Seven Steps to Software Security

Removable media devices are now seen as the biggest security threat to corporate security, and yet 80 per cent of firms don't have safeguards in place.

That's according to a new study from Centennial Software which claims that four out of five firms have failed to implement effective measures to protect against the threat that such devices can pose.

Centennial's annual "Security Attitudes Survey 2007", which surveyed more than 370 mid and senior level IT managers attending the Infosecurity Europe expo in London, indicates that 38.4 per cent of respondents rank removable media devices such as USB memory sticks and MP3 Players, as the number one security issue facing their organisation.

This marks the first time that respondents have rated removable media devices above other common security threats such as viruses and malware/spyware.

Overall, 23.7 per cent of respondents who cited internet viruses as their biggest security concern, while 22.3 per cent said malware/spyware was the biggest threat to corporate security.

While IT managers are increasingly aware of the risks posed by removable media devices, it seems that few have implemented safeguards yet. This is despite a raft of recent media stories surrounding insider data theft using removable media.

According to the study, 43 per cent of those questioned have no controls whatsoever in place to manage removable media devices, while 27.4 per cent leave it to individual manager's discretion. Just 8.6 per cent of respondents have taken the drastic step of introducing a company-wide ban on the use of removable media devices.

In addition, 16.4 per cent use endpoint security software to manage potential risks effectively.

The study reveals that there has been a nine per cent rise in the number of companies who include references to removable devices in their acceptable use polices. However, respondents noted that use of USB memory sticks in particular, has almost doubled in the past year from 36.3 per cent in 2006 to 65.6 per cent this year and Centennial warns that companies need to do more to protect themselves.

"It's long been recognised that human error leads to the majority of information security problems," said Matt Fisher, vice-president at Centennial. "Leaving the use of removable devices at the discretion of staff exacerbates the risks posed by these devices - especially when a minority of employees may have reasons for wanting to steal or compromise data.

"A larger proportion of companies than last year said they had no controls for managing removable devices in place - 43.3 per cent versus 38.5 per cent last year. This is an alarming trend; if organisations recognise the risks of data loss, theft and damage from USB sticks, smartphones and MP3 players, they need to take action to manage the threat and protect their data," added Fisher.

A similar study carried out by business advisory firm Deloitte last July which indicated a 50 per cent rise in security breaches, found that almost half of all incidents originated internally, which the firm said was unsurprising given the increased popularity of portable media devices.

Copyright © 2007, ENN

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.