[ISN] Lax USB stick security causing havoc

From: InfoSec News (alerts@private)
Date: Fri Jun 01 2007 - 00:38:40 PDT


http://www.channelweb.co.uk/vnunet/news/2190942/security-professionals-lax-usb

By Clement James
vnunet.com
30 May 2007

Security professionals routinely carry around portable storage devices 
loaded with sensitive work-related data, potentially putting company 
information at risk.

According to a straw poll carried out at Infosecurity Europe last month, 
90 per cent of the 12,000 attendees routinely carried portable storage 
devices.

SmartLine, a developer of network management and end-point security 
offerings, conducted a short survey on its stand.

"Ninety per cent of our visitors were carrying USB sticks, MP3 players, 
mobile phones with a memory card, digital cameras or some other storage 
gadget, " said Sacha Chahrvin, managing director for UK & Ireland at 
SmartLine.

"If they are representative of Infosec's visitors as a whole then nearly 
11,000 had such a device on them. We calculated that there were just 
under 22,000 devices in total wandering around at Infosec."

The survey also showed that 80 per cent of visitors believed their 
company had lost valuable confidential data through the use of these 
devices.

Of the 20 per cent who were confident that their data was safe from 
rogue USB sticks, only one did not use such devices at work.

"The security experts who visited our stand were very honest, and most 
admitted to a security breach. My concern is that the remaining 20 per 
cent are just kidding themselves," said Chahrvin.

"Our survey shows that these devices are extremely popular. Only 10 per 
cent of people did not have one on them, and everyone who took part in 
the survey owned at least one such product, even if they hadn't got it 
with them.

"Although these gadgets are designed to be perfectly harmless, it does 
not take much for them to become a major security headache. It is all 
too easy to use them to siphon off valuable data.

"Even legitimate users can simply lose the device, or have it stolen. 
Organisations need to ensure that they have the right security measures 
in place to protect themselves from this type of data leakage."


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Fri Jun 01 2007 - 00:51:17 PDT