Feeds

Memory sticks top security concern for firms

But most have no safeguards in place

Beginner's guide to SSL certificates

Removable media devices are now seen as the biggest security threat to corporate security, and yet 80 per cent of firms don't have safeguards in place.

That's according to a new study from Centennial Software which claims that four out of five firms have failed to implement effective measures to protect against the threat that such devices can pose.

Centennial's annual "Security Attitudes Survey 2007", which surveyed more than 370 mid and senior level IT managers attending the Infosecurity Europe expo in London, indicates that 38.4 per cent of respondents rank removable media devices such as USB memory sticks and MP3 Players, as the number one security issue facing their organisation.

This marks the first time that respondents have rated removable media devices above other common security threats such as viruses and malware/spyware.

Overall, 23.7 per cent of respondents who cited internet viruses as their biggest security concern, while 22.3 per cent said malware/spyware was the biggest threat to corporate security.

While IT managers are increasingly aware of the risks posed by removable media devices, it seems that few have implemented safeguards yet. This is despite a raft of recent media stories surrounding insider data theft using removable media.

According to the study, 43 per cent of those questioned have no controls whatsoever in place to manage removable media devices, while 27.4 per cent leave it to individual manager's discretion. Just 8.6 per cent of respondents have taken the drastic step of introducing a company-wide ban on the use of removable media devices.

In addition, 16.4 per cent use endpoint security software to manage potential risks effectively.

The study reveals that there has been a nine per cent rise in the number of companies who include references to removable devices in their acceptable use polices. However, respondents noted that use of USB memory sticks in particular, has almost doubled in the past year from 36.3 per cent in 2006 to 65.6 per cent this year and Centennial warns that companies need to do more to protect themselves.

"It's long been recognised that human error leads to the majority of information security problems," said Matt Fisher, vice-president at Centennial. "Leaving the use of removable devices at the discretion of staff exacerbates the risks posed by these devices - especially when a minority of employees may have reasons for wanting to steal or compromise data.

"A larger proportion of companies than last year said they had no controls for managing removable devices in place - 43.3 per cent versus 38.5 per cent last year. This is an alarming trend; if organisations recognise the risks of data loss, theft and damage from USB sticks, smartphones and MP3 players, they need to take action to manage the threat and protect their data," added Fisher.

A similar study carried out by business advisory firm Deloitte last July which indicated a 50 per cent rise in security breaches, found that almost half of all incidents originated internally, which the firm said was unsurprising given the increased popularity of portable media devices.

Copyright © 2007, ENN

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.