78 per cent of IT professionals admit plugging in abandoned USBs

AhnLab, the South Korean IT security vendor, has revealed that 78 per cent of IT security professionals have admitted to picking up and plugging in USB flash drives found abandoned or lying around. This goes against all the rules and warnings these professionals try to drum into their own colleagues: inserting a "found" flash drive into a network can lead to infected files and networks and, ultimately, the loss of valuable data.

The study, which was conducted at last month's RSA Conference 2013 among 300 IT professionals, many of whom were security experts, found that data discovered on the "found" USB drives often included viruses, rootkits, bot executables, movies, music and other office documents.

The study also uncovered that more than 68 per cent of those surveyed had been involved in a security breach, either at home, work or personally – with many relating back to the infected USB drives.

"I am utterly shocked at these figures, in particular, the 78 per cent number," said Brian Laing, VP of marketing and business development, AhnLab, Santa Clara. "For example, Stuxnet, one of the world's most sophisticated cyber-attacks, gained access to its target system through a 'found' USB drive. The creators of the malware left infected USB drives near a uranium enrichment facility and someone picked it up and inserted it into their PC. Stuxnet derailed the efforts of that nation to purify nuclear materials at its facility."

According to Laing, IT security professionals are clearly ignoring basic rules and this must stop. An infected USB drive could result in infected machines, infected networks, and a PC or PCs in the network converted to a bot for use by cyber criminals. The result could include stolen intellectual property, such as sales forecasts and customer and financial information. The list is endless.

"I urge IT security professionals to begin practicing what they preach," said Laing. "This 'it won't happen to me' attitude doesn't wash. It really does come down to the old mantra of combining people, process and technology – if you can get all three elements right, you are on track to a safe and secure environment."

In addition to this, a recent study from Virginia-based PhishMe found that over 60 per cent of people will fall for a phishing attack if they have never been trained to know what to look out for. One in five people admitted to being tricked by a phishing email into clicking a link or opening an attachment. Training employees, globally, needs to be part of the solution.
