As cloud storage has grown in popularity, the use of USB flash drives has declined in many settings. The decline in popularity of USB flash drives, however, hasn’t necessarily diminished their threat, as they are still a common tool in some settings.
Data from the 2021 Honeywell Industrial USB Threat Report has some surprising findings. Among them:
- 37 percent of threats were specifically designed to utilize removable media, which almost doubled from 19 percent in the 2020 report.
- 79 percent of cyber threats originating from USB devices or removable media could lead to critical business disruption in the operational technology (OT) environment. At the same time, there was a 30 percent increase in the use of USB devices in production facilities last year, highlighting the growing dependence on removable media.
USB flash drives provide a sense of security and separation from connectivity. And studies have shown people are comfortable with the drives.
But, according to a 2016 study at the University of Illinois, the conundrum created by dependence on USB flash drives is evident when researchers simulated a malware attack by leaving 300 flash drives at various places on campus. Note: This is a very similar exercise to how the largest cyberattack on the United States occurred which started when a USB flash drive infected by a foreign intelligence agency was left in the parking lot of a Department of Defense facility at a base in the Middle East. It contained malicious code and was put into a USB port from a laptop computer that was attached to United States Central Command. From there it spread undetected to other systems, both classified and unclassified.
But back to the University of Illinois study; “We find that the attack is effective with an estimated success rate of 45 – 98% and expeditious with the first drive connected in less than six minutes,” the study says.
Communicate and educate your staff to the security dangers of connecting unknown devices to their PC, or any device connected to your network.
Idea Solutions offers Security Awareness Training for its clients. This training is designed to develop competency and impact behavior across the workforce.