Feeds

Memory sticks top security concern for firms

But most have no safeguards in place

Protecting users from Firesheep and other Sidejacking attacks with SSL

Removable media devices are now seen as the biggest security threat to corporate security, and yet 80 per cent of firms don't have safeguards in place.

That's according to a new study from Centennial Software which claims that four out of five firms have failed to implement effective measures to protect against the threat that such devices can pose.

Centennial's annual "Security Attitudes Survey 2007", which surveyed more than 370 mid and senior level IT managers attending the Infosecurity Europe expo in London, indicates that 38.4 per cent of respondents rank removable media devices such as USB memory sticks and MP3 Players, as the number one security issue facing their organisation.

This marks the first time that respondents have rated removable media devices above other common security threats such as viruses and malware/spyware.

Overall, 23.7 per cent of respondents who cited internet viruses as their biggest security concern, while 22.3 per cent said malware/spyware was the biggest threat to corporate security.

While IT managers are increasingly aware of the risks posed by removable media devices, it seems that few have implemented safeguards yet. This is despite a raft of recent media stories surrounding insider data theft using removable media.

According to the study, 43 per cent of those questioned have no controls whatsoever in place to manage removable media devices, while 27.4 per cent leave it to individual manager's discretion. Just 8.6 per cent of respondents have taken the drastic step of introducing a company-wide ban on the use of removable media devices.

In addition, 16.4 per cent use endpoint security software to manage potential risks effectively.

The study reveals that there has been a nine per cent rise in the number of companies who include references to removable devices in their acceptable use polices. However, respondents noted that use of USB memory sticks in particular, has almost doubled in the past year from 36.3 per cent in 2006 to 65.6 per cent this year and Centennial warns that companies need to do more to protect themselves.

"It's long been recognised that human error leads to the majority of information security problems," said Matt Fisher, vice-president at Centennial. "Leaving the use of removable devices at the discretion of staff exacerbates the risks posed by these devices - especially when a minority of employees may have reasons for wanting to steal or compromise data.

"A larger proportion of companies than last year said they had no controls for managing removable devices in place - 43.3 per cent versus 38.5 per cent last year. This is an alarming trend; if organisations recognise the risks of data loss, theft and damage from USB sticks, smartphones and MP3 players, they need to take action to manage the threat and protect their data," added Fisher.

A similar study carried out by business advisory firm Deloitte last July which indicated a 50 per cent rise in security breaches, found that almost half of all incidents originated internally, which the firm said was unsurprising given the increased popularity of portable media devices.

Copyright © 2007, ENN

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.