For organizations in every industry and of every size, protecting data has become the new strategic imperative.
And for good reason.
According to a June article published by SelfKey, a company devoted to developing digital identity solutions, at least four billion records – including credit card numbers, home addresses, phone numbers and other highly sensitive information – have been exposed through data breaches in the first half of 2019.
Let that number sink in … four billion records.
With a number such as this, there is little reason why cybersecurity has become a cottage industry of consultants, programmers, software companies, and others – all looking to tap into the estimated $170 billion spent annually on cyber-defense technology.
While most of these cybersecurity efforts are aimed at keeping hackers in China, Turkey, Russia, and, yes, the United States, from infiltrating our computer networks, there is an easy-to-exploit vulnerability that leaves the physical devices connected to those networks easily accessible: the ubiquitous USB port.
While remote hacking events get all the headlines, a long favorite trick of cyber-criminals is infecting USB flash drives with malicious programs that take advantage of a human weakness: curiosity. After all, who among us has found a USB flash drive and has not actually plugged it into our laptop or desktop?
Think this rarely happens? Think again.
The Innocent Among Us
In August 2016, researchers at the University of Illinois discovered that people’s “curiosity” was their cyber undoing nearly half the time. To test their hypothesis, the researchers spread 297 USB flash drives across campus to see what would happen. Almost half of the devices (48%) ended up in the USB port of someone else’s computer. While most of them later claimed they plugged in the flash drive to find its rightful owner (we suggest that this is not much different than opening an unmarked package emitting a ticking noise to identify who the package belongs to), 18% admitted they simply plugged in the flash drive for no other reason that curiosity.
The most alarming discovery, however, was not the number of people who plugged the flash drive into a USB port, but rather the number who did so without taking the proper precautions; only 10 people analyzed the USB stick using antivirus software.
So, who’s at fault? The users for taking an unknown flash drive and sticking it into an open USB port? According to computer security expert, Bruce Schneier, the answer is no.
In his blog, Schneier on Security, Bruce wrote: “The problem isn’t that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn’t safe to plug a USB stick into a computer.”
That said, seeing that no real efforts are being made to stop operating systems from launching whatever is on those flash drives, we offer a better solution: Our array of USB port blockers, network port locks, and other Smart Keeper devices. These simple and inexpensive, yet well-crafted devices prevent end users from using your various ports as points of access for would-be intruders.