Welcome to the SecAware blog

I spy with my beady eye ...

9 May 2007

Insider threat - USB thumb drive

"A worker calls up a sensitive investor list and downloads it on her thumb drive, slips it into her pocket, and walks out, smiling and waving to her boss and the security officer stationed at the front door. This is just one of the scenarios that security professionals and IT managers are increasingly worried about. According to one recent study, IT managers said portable storage devices, such as thumb drives and MP3 players, have surpassed even malware to become a top concern."

I presume reporter Sharon Gaudin from Information Week has simply swallowed and regurgitated the blurb from Bill Piwonka (yes, that's his real name - I couldn't make 'em up), VP of product management for Centennial Software, which conducted a "survey" at the InfoSec security conference in London. [Would you be surprised to hear that the company sells a "solution" to control access to USB drives?] The scenario described above looks more like an insider threat example to me. The fact that the worker used a USB thumb drive is incidental: it could equally have been a USB hard drive, a CD-ROM, even a pen and paper. She could have emailed it to herself or an accomplice, perhaps ZIPped up with 256-bit AES to bypass any content inspection. Preventing the abuse of USB thumb drives is hardly going to stem the flow.

1 comment:

  1. Gary,
    You have highlighted an important point - When you have got a hammer, the whole world looks like a nail.

    Here, the real issue is the "Insider". It could be one of any number of ways (USB device included) through which the information is leaked.

    Further, are we sure that the "Insider" has access to that information because there is a justified need-to-know/use or just plain because he/she is an "Insider" ?

    It is a tight-rope walk between free flow of information and need based restriction, but somewhere the organization has to walk it.

    Best Regards