BreachExchange mailing list archives

Critical Intel: Three Steps to Preventing USB Data Breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 4 Nov 2013 23:50:40 -0700

http://www.business2community.com/tech-gadgets/critical-intel-three-steps-preventing-usb-data-breaches-0663124#aAkeYCK7374vteBT.99


In today’s National Cybersecurity Awareness Month post, SolarWinds’ VP of
Product Management, Chris LaPoint, takes us behind the scenes of USB drive
security awareness and ways to ensure mobile data remains secure. Chris has
spent the last decade building IT management software, first as a software
engineer, then as a technical evangelist and product manager at SolarWinds.

In the movies, USB drives are the tools spies use to easily tote around a
secret list of global CIA operatives, or nuclear launch codes. All of it
highly secure, of course.

The problem is that USB drives are not necessarily secure, and life is not
a Jason Bourne film. In fact, USB drives are highly susceptible to malware
and data loss due to, among other things, simple human error.

According to the Ponemon Institute:

- 800,000 data-sensitive devices are lost or stolen each year
- 74% of missing USB drives result from employee negligence
- 65% of missing USB drives are not reported by the employee

Of course, public sector organizations need to be particularly careful that
data stored on USB drives is kept safe. There is no margin for error here;
even the smallest breach can cause catastrophic results. That’s why
organizations such as the Department of Homeland Security are actively
endorsing particular types of encrypted USB drives and auditing all mobile
devices.

Beyond a full-scale audit, however, there are some simple steps that
federal agencies can take to ensure USB security, including:

1. Active monitoring and tracking of network activity. Breaches exhibit
certain patterns. For example, you may detect unusual after-hours activity
on your network, or higher-than-average login attempts to reach highly
secure information. Tracking LAN traffic can help IT teams pinpoint
USB-introduced malware based on how it tries to access other ports or
network hosts, allowing IT teams to contain the threat. Simultaneously, the
teams can prevent data from leaving the organization through the USB drive.
2. Deploy a secure managed file transfer system. USB drives are popular,
but they’re certainly not the only easy-to-use storage solution. Remember
FTP? It generally gets a bad rap for potentially being insecure, but it
doesn’t have to be. Managed file transfer (MFT) systems provide FTP with a
high level of security while allowing employees to access files wherever
they may be. These web-based systems control access via virtual folders,
and allow IT managers to actively monitor and control the data being
accessed. Also, MFT systems eliminate the need to store data on physical
media, so information will no longer be literally out the door. In fact,
you can shut off access to USB drives altogether, yet still provide
employees with a simple and secure way of accessing information.
3. Use a USB defender tool. If you’re still set on allowing USB devices on
your network, a USB defender tool is a must. USB defenders can provide IT
with a real-time alert whenever a USB drive is being used. The usage can
then be matched to network logs to correlate malicious attacks with USB
use. Defender tools can automatically block USB usage, disable user
accounts, quarantine workstations and automatically eject drives. This
takes a massive load off the security-minded IT manager.

USB drives may not exactly be the end-all storage solution that Hollywood
would like us to believe – but they could certainly end all of the hard
work that organizations have done to keep their information safe.
Organizations need to do everything they can to monitor, protect and defend
that information, or risk having data corrupted or compromised.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
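
Steps 1 and 3 of the article describe matching USB usage alerts to network logs to spot USB-introduced malware reaching for other ports or hosts. The following is an added example, not code from the article or from any SolarWinds product, showing one way to do that correlation. The hostnames, record layouts, 10-minute window and working hours are all assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): USB mount alerts as a
# defender tool might export them, and flow records from LAN monitoring.
USB_EVENTS = [  # (timestamp, host, user)
    ("2013-11-04T22:14:05", "ws-017", "jdoe"),
    ("2013-11-04T09:30:00", "ws-042", "asmith"),
]
FLOWS = [  # (timestamp, source host, destination, destination port)
    ("2013-11-04T08:55:10", "ws-017", "10.0.0.5", 443),
    ("2013-11-04T22:15:40", "ws-017", "10.0.0.5", 443),
    ("2013-11-04T22:16:02", "ws-017", "10.0.3.21", 445),
    ("2013-11-04T22:16:03", "ws-017", "10.0.3.22", 445),
    ("2013-11-04T22:50:00", "ws-017", "10.0.3.23", 445),
    ("2013-11-04T09:10:00", "ws-042", "10.0.0.5", 443),
    ("2013-11-04T09:31:12", "ws-042", "10.0.0.5", 443),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def correlate(usb_events, flows, window=timedelta(minutes=10),
              work_hours=(8, 18)):
    """Return one finding per USB event whose host contacted (dest, port)
    pairs within `window` after insertion that it never contacted before."""
    findings = []
    for ts, host, user in usb_events:
        t0 = parse(ts)
        host_flows = [(parse(f[0]), f[2], f[3]) for f in flows if f[1] == host]
        # Everything the host talked to before the drive was inserted.
        baseline = {(d, p) for t, d, p in host_flows if t < t0}
        new = sorted({(d, p) for t, d, p in host_flows
                      if t0 <= t <= t0 + window and (d, p) not in baseline})
        # Assumed working hours; insertions outside them are flagged.
        after_hours = not (work_hours[0] <= t0.hour < work_hours[1])
        if new:
            findings.append({"host": host, "user": user, "inserted": ts,
                             "after_hours": after_hours,
                             "new_destinations": new})
    return findings

if __name__ == "__main__":
    for finding in correlate(USB_EVENTS, FLOWS):
        print(finding)
```

A finding here is a lead for triage, not proof of compromise: a host can legitimately reach a new destination shortly after a drive is mounted.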
