Security Alert: Flash Drives a Fierce Threat

Wednesday, September 8, 2010 @ 06:09 PM gHale


Flash memory infiltrates behind corporate firewalls and connects to the enterprise every day. That threat has been almost invisible for years and even now companies are not able to handle it.
Even the mighty U.S. military is not immune. They confirmed an attack on its systems in 2008 originated with a flash drive plugged into a military computer located in the Middle East. The infection “spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” U.S. Deputy Secretary of Defense William J. Lynn III wrote in a column last month.
The attack became a wakeup call for the Pentagon, which responded by banning USB flash drives for more than a year. The ban finally ended earlier this year.
While companies worry about the software-based security vulnerabilities present in their networks and systems, far fewer have locked down their systems against devices that can steal data or infect the network from behind the perimeter. If you are not sure it can happen, just look at the Stuxnet attack last month.
As part of its reintroduction of USB flash drives, the U.S. military improved its antivirus and malware capabilities, required that flash drives undergo authorization to connect to a computer, and tightened the security of authorized flash drives. The Department of Defense is also reducing its reliance on flash drives, opting for collaborative workspaces and other data-sharing portals.
Businesses have yet to lock down their own employees’ use of flash drives. In a report entitled, “Barometer of Security in SMBs,” antivirus company Panda Security found 32 percent of small and medium businesses cited USB flash drives and other external memory devices as the vector for viruses that infected the victims. In the U.S., almost half of all companies suffered from a virus via a USB flash drive.
The simple fact is if a company wants to remain secure, it has to go about educating its employees. Because USB flash drives can aid productivity, getting employees to abandon them is difficult, as the Pentagon discovered. Instead, using technologies such as encryption, role-based authentication and data-leakage protection can help reduce the threat posed by flash drives.



Leave a Reply

You must be logged in to post a comment.