
USB Security Risks | When Flash Drives Become Dangerous

Posted by Corey Belanger

Many organizations connect flash drives to critical networks and information systems to transfer and store large amounts of critical information. Also, employees use USB devices to carry sensitive work information when working remotely. Unfortunately, there are numerous USB security risks you should be aware of to prevent flash drives from becoming a danger to your organization. For example, the infamous Stuxnet worm used to cripple Iran’s nuclear enrichment programs, the first attack to damage industrial control systems, was distributed using infected USB drives.

In many cases, flash drives become dangerous when an attacker or insider threat gains physical access to your computer. Plugging in a compromised USB drive can introduce numerous security risks, including spreading dangerous malware such as ransomware. The average cost of a ransomware incident in 2022 may exceed $925,162, a 71% increase from 2021. In addition, attackers may use flash drives to spread other types of malware, including spyware, and to install backdoors in your systems.

 

Top Security Risks of Using Flash Drives 

Many companies expose themselves to security threats because their USB security programs lack adequate measures to ensure data security. In a recent survey, approximately 58% of organizations lack safe listing and USB port control software for managing flash drive usage. The same survey found that only 47% of businesses require their employees to encrypt data stored on USB drives. Furthermore, 53% of companies lack appropriate controls for detecting and preventing users from downloading sensitive data onto unauthorized USB devices.

While at least 90% of employees worldwide use USB devices for work-related reasons, it is worrying that more than half of companies don’t allowlist flash drives or use USB port controls to manage USB connections or encrypt data stored in flash drives. The following are the top risks of using USB devices.

 

1. Data Loss from Misplaced USB Drives

USB devices are tiny and make it easy to transfer large amounts of data from one computer to another. However, their high portability and small size also make them easy to lose. For example, according to the New York Times, an employee was supposed to clear flash drives holding the sensitive information of about 460,000 people. The data comprised names, dates of birth, and other private information. However, when taking the USB stick home, he dropped it, losing all the data and risking the privacy of the data owners. Luckily, the flash drive was password-protected and was found a few days later. Unfortunately, such incidents are widespread and can potentially cause huge data breaches that can ruin your organization’s reputation and cause financial losses.

2. Malware Attacks 

Malicious USB disks are the most significant security threats facing companies today. In USB attacks, all an attacker needs is to gain physical access to a computer and plug in an infected device that installs the malware automatically, as opposed to conventional hacking, where hackers must bypass firewalls, antivirus programs, and other controls. Malicious USB drives contain pre-programmed malware that allows attackers to access the victim’s peripheral devices, including the keyboard, gain access to a network and move laterally to other computer systems, steal proprietary data, and spy on the organization’s network activities. In addition to distributing malware, USB devices can also be re-programmed to take over the compromised computer, allowing attackers to do what they want in the background.

3. Risk of Non-Compliance

Most compliance regulations, including HIPAA, PCI DSS, and GDPR, provide instructions on how companies should secure specific types of client data. These measures include data encryption, access controls to restrict access to different data types, and governance. Failing to comply with such requirements attracts heavy penalties and exposes you to data breaches and loss. For example, unauthorized people can access unencrypted devices, and misplacing them may cause sensitive data to end up in the wrong hands. Also, employees can use USB drives to move personally identifiable information to their home devices that lack data protection safeguards as required in various regulations. In addition, non-compliance introduces other challenges, such as lost customer trust and missed business opportunities since third parties are less likely to work with non-compliant organizations.

4. Lack of Acceptable Use Policies 

Most companies fail to enforce acceptable use policies that describe the best security practices to observe when connecting flash drives to internal systems and networks. This can become a problem since employees may misuse the privileges and expose the organization to data loss, malware attacks, and breaches. At the very least, an organization should implement access control mechanisms in all systems to restrict access to valuable data. Also, USB data storage devices should be subject to periodic internal audits and reviews, and employees should be asked to justify any usage deemed inappropriate or excessive. Acceptable use policies are necessary to protect corporate data from loss and unauthorized access and the organization from malware attacks.

5. Lack of Employee Awareness

Training and awareness equip employees with the best cybersecurity practices regarding the safe use of USB devices. For example, many staff members may not know that plugging unknown flash drives can install malware, leading to large-scale attacks and data breaches. Attackers may bait unaware employees by dropping a flash drive and waiting for someone to pick it up and plug it into a work computer. Additionally, lack of awareness may cause an employee to store unencrypted data in a USB device which is then shared with other users, which may lead to data leakage. Most attacks are due to human error, and hackers target unaware individuals to execute successful cyberattacks. 

 

How to Protect Against USB Security Risks

The security risks of using flash drives are growing every day, with 37% of all threats in 2021 designed to use USB removable media, while 79% of USB-based security threats can cause widespread disruption to critical business operations and destruction to operational technology. Therefore, you should adhere to the recommended practices to protect yourself from flash drive risks.

1. Outsource to a Managed Security Provider

Managed service providers (MSPs) like Pulsar Security have the experience, personnel, and technology to detect and mitigate USB security threats. For example, an MSP can remotely enforce USB drive encryption to encrypt your data. Also, MSPs track and log data and files transferred to USB drives allowing them to determine which devices have access permissions or delete USB data remotely to preserve its integrity and confidentiality.

MSPs are also advantageous since they monitor USB usage activities within your network. Insider threats with knowledge of your critical data can copy it to an unauthorized USB drive and use it for malicious actions, such as patent infringement, theft of intellectual properties, data leaks on the dark web, and identity theft. MSPs counter such threats by using flash drive monitoring software to detect which devices are connected to your network and restrict unauthorized file transfers. 

2. Employee Security Training

At least 90% of cybersecurity incidents occur due to ignorant and unaware system users. Most employees are more likely to plug in unknown flash drives due to a lack of awareness of the security risks of such an action. Because of this, organizations must introduce in-depth employee training programs to prepare employees to identify and defend against USB security threats. The programs should be frequent since USB threats evolve continuously. 

Specifically, the training and awareness sessions should cover the best practices of using USB drives securely when storing or transferring confidential data. Such practices include password-protecting flash drives so unauthorized users cannot access the stored contents if the devices get lost. Training should also focus on using USB antivirus solutions that scan a USB to identify and remediate security threats once connected to a computer. 

3. Endpoint Monitoring

USB devices can connect to any endpoint deployed in your network, including smartphones, laptops, computers, and servers. Hence, you should implement an endpoint monitoring solution that provides complete visibility of all your endpoints. Monitoring your endpoints can help track the users that plug USB devices into your systems to identify and counter potential threats. For example, an endpoint detection and response solution (EDRS) can detect USB threats introduced through the endpoints and deploy instant response measures, such as disconnecting the endpoint from the network to prevent attacks. In addition, MSPs can deploy an effective endpoint solution in your organization and provide competent professionals to ensure continuous monitoring.

4. Removable Media Control and Encryption

Removable media control and encryption comprise the mechanisms that manage flash drive access to USB ports. They are essential to endpoint security since they prevent the unauthorized use of USB peripherals, devices, and adapters by disabling access via the USB ports. Moreover, the control and encryption mechanisms secure internal systems and networks from malware attacks, thus protecting corporate infrastructure from being compromised. Controlling the flash drives that can connect to the USB ports prevents system infection, while data encryption ensures that it is safe from unauthorized access. Furthermore, since the control and encryption mechanisms only permit recognized and pre-approved devices to connect to the system, they reduce the risk of malware infection, data loss, data leakage, and unauthorized copying of corporate data. 
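The connection tracking from the endpoint monitoring section and the pre-approved device check described above can be sketched as an allowlist test over USB enumeration events. This is an added example, not code from Pulsar Security; it assumes Linux kernel log messages as input, and the log lines, device values and the `APPROVED` set are constructed.

```python
import re

# Constructed allowlist of approved drives: (idVendor, idProduct, serial).
APPROVED = {("0781", "5583", "4C530001234567")}

# Constructed sample in the format the Linux kernel logs on USB enumeration.
SAMPLE_LOG = """\
[ 101.100] usb 1-2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[ 101.101] usb 1-2: Product: Example Drive
[ 101.102] usb 1-2: SerialNumber: 4C530001234567
[ 245.300] usb 1-2: USB disconnect, device number 5
[ 301.500] usb 1-2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[ 301.502] usb 1-2: SerialNumber: AA0000000000FF
[ 410.900] usb 2-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
"""

FOUND = re.compile(
    r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")


def parse_devices(log_text):
    """Return one record per enumeration event, in log order."""
    devices, current = [], {}  # current: port -> record still being filled
    for line in log_text.splitlines():
        m = FOUND.search(line)
        if m:
            port, vid, pid = m.groups()
            rec = {"port": port, "vid": vid, "pid": pid, "serial": None}
            current[port] = rec  # a re-plug on the same port starts a new record
            devices.append(rec)
            continue
        m = SERIAL.search(line)
        if m and m.group(1) in current:
            current[m.group(1)]["serial"] = m.group(2)
    return devices


def unapproved(devices, approved=APPROVED):
    """Devices whose (vid, pid, serial) is not allowlisted; a missing serial never matches."""
    return [d for d in devices if (d["vid"], d["pid"], d["serial"]) not in approved]


if __name__ == "__main__":
    for d in unapproved(parse_devices(SAMPLE_LOG)):
        print(f"ALERT port={d['port']} {d['vid']}:{d['pid']} serial={d['serial']}")
```

The vendor ID, product ID and serial number are reported by the device itself, so a match is an inventory control rather than proof of identity. Pair it with port control and on-connect scanning, since the re-programmed devices mentioned earlier can present whatever descriptors they choose.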

 

Enhance Your Security Posture with Pulsar Cyber Shield and Custom Services

Pulsar Security offers cybersecurity solutions designed to bring maximum security benefits at minimal cost without sacrificing quality. We review all externally accessible points to identify any weaknesses. Additionally, Pulsar Security offers Dark Web assessments, helping you discover what data about your users and company is available on the dark web. Better yet, Pulsar’s Sonar Wireless unit protects against intrusion 24/7/365 by monitoring access point weaknesses to bring maximum security benefits at minimum cost.

Learn more about our comprehensive array of solutions securing data, network and firmware configurations, and wireless networks. 

Corey Belanger

Corey is a Security Consultant and leads QA of product development, using his expertise in these dual roles to more effectively test and secure applications, whether while building enterprise applications or while performing penetration tests and vulnerability assessments for customers. An Army veteran with a tour of duty in Afghanistan, Corey has built a post-military career in security while earning Network+, Security+, GIAC Certified Incident Handler, GIAC Python Coder, GIAC Web App Penetration Testing, and GIAC Penetration Tester certifications. Corey is also a BsidesNH organizer and founding member of TechRamp, avenues which he uses to help others build their skills for careers in security and technology. Fun Fact: When not manning a terminal or watching the Bruins, Corey can often be found snowboarding or riding his motorcycle.
