In a CompTia survey written about by Softpedia in “One of the
Biggest Security Risks: Naive People Connecting Lost USBs to Their PCs”, an interesting statistic came up. As part of the study, 200 USB sticks were left
in high traffic locations in US cities.
20% (forty) were picked up and 17% were connected to people’s laptops. According to the article, The USB sticks used
in the experiment contained a text file, which included instructions asking the
user to send an email to a specific address, or to click through a trackable
URL. http://bit.ly/1Mo6L9N
The reporter found the 17% figure worrisome. I’ll take a contrarian view.
At RSA San Francisco 2013, we conducted a security survey,
gathering 300 responses. 78% of those
responding said that they had once found a USB and plugged it into their
laptop! 68% of those surveyed had been
involved in a security breach, either at home, or in their office. http://reut.rs/1RaHiPh
While 17% is a frighteningly high number, that is a 61%%
drop from what I found just two and a half years earlier!
A found USB stick is an internet equivalent of coming across
a
“Wet Paint” sign. You just have to check it out yourself. We are our own worst
enemies. More training is need.
For an interesting read on the use of infected USB sticks
for good, Google and read about Stuxnet, a 500-kilobyte computer worm that
infected the software of at least 14 industrial sites in Iran, including a
uranium-enrichment plant.
No comments:
Post a Comment