Monday, October 26, 2015

CompTia Survey - 17% of people would put a found USB stick in their laptop. Ouch or fantastic?

In a  CompTia survey  written about by Softpedia in “One of the Biggest Security Risks: Naive People Connecting Lost USBs to Their PCs”,   an interesting statistic came up.  As part of the study, 200 USB sticks were left in high traffic locations in US cities.  20% (forty) were picked up and 17% were connected to people’s laptops.  According to the article, The USB sticks used in the experiment contained a text file, which included instructions asking the user to send an email to a specific address, or to click through a trackable URL.

The reporter found the 17% figure worrisome.  I’ll take a contrarian view.

At RSA San Francisco 2013, we conducted a security survey, gathering 300 responses.  78% of those responding said that they had once found a USB and plugged it into their laptop!   68% of those surveyed had been involved in a security breach, either at home, or in their office.

While 17% is a frighteningly high number, that is a 61%% drop from what I found just two and a half years earlier!

A found USB stick is an internet equivalent of coming across  a “Wet Paint” sign. You just have to check it out yourself. We are our own worst enemies. More training is need. 

For an interesting read on the use of infected USB sticks for good, Google and read about Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. 

No comments: