Thumb Drives Replace Malware As Top Security Concern, Study Finds - InformationWeek
Hardware & Infrastructure
02:48 PM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Thumb Drives Replace Malware As Top Security Concern, Study Finds

A survey of IT managers showed that while more than half use a USB flash drive on a daily basis, many still view portable storage devices as a huge security threat.

A worker calls up a sensitive investor list and downloads it on her thumb drive, slips it into her pocket, and walks out, smiling and waving to her boss and the security officer stationed at the front door.

This is just one of the scenarios that security professionals and IT managers are increasingly worried about. According to one recent study, IT managers said portable storage devices, such as thumb drives and MP3 players, have surpassed even malware to become a top concern.

The study, which polled 370 IT professionals, showed that 38.4% of IT managers say portable storage devices are their top security concern. That's up from 25.7% in 2006.

"It is very easy to download information to them quickly," said Bill Piwonka, VP of product management for Centennial Software, which conducted the survey at this spring's InfoSec security conference in London. "If there isn't a defined acceptable use policy or controls to prevent the download and transfer of sensitive data, managers do not know if and how such data is leaving the building. Also, USB sticks are frequently lost. If sensitive data isn't encrypted on these devices, it would obviously be very easy to obtain."

To make matters worse, 80% of respondents admitted that their organizations don't currently have effective measures in place to combat the unauthorized use of portable devices. And 43.2% cited no control at all. Only 8.6% have a total ban on portable devices.

Piwonka said in an interview that that danger with portable storage devices lies in not knowing what files have been maliciously or even unintentionally downloaded to them, and how that data is being used. And if it has been lost, who has the information?

A worker easily could download corporate information -- sales figures, customer lists, marketing plans -- onto a small storage device, slip it into their bag or even a pocket, and just walk out the door with it. It makes stealing information much easier since it's not a matter of printing anything out or even walking out of the office with a laptop slung over a shoulder.

While IT managers fear what users might do with a portable storage device, they also really like them for themselves.

The study showed that 65% of IT managers use a USB flash drive on a daily basis.

"Portable devices do have a function in the workplace," said Piwonka. "They are an easy way to share, transfer, and store information. Managers need to create an acceptable use policy and share it with their employees to further control the handling of sensitive data."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Brian E.
Brian E.,
User Rank: Apprentice
3/1/2012 | 12:55:38 AM
re: Thumb Drives Replace Malware As Top Security Concern, Study Finds
Hi there,

You may want to check out MetaDefender for Media (MD4M) at
I think this is the ideal solution to protect your organization from risks associated with infected media present on peripheral devices such as USB drives, CDs and other media. MD4M scans your media using up to 10 antivirus engines (from AVG, CA, ESET and others) as well as your own custom engines (such as Data Loss Protection), and it also allows control over the flow of data in and out of an organization. After analysis, you can decide how the file is handled G㢠whether it should be quarantined, allowed to enter/leave the organization, etc.
As far as I know, MD4M is available either as a kiosk or as standalone software to run on your own scanning station.

I hope this helps.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll