USB drives ruled inherent threats to cybersecurity

USB drives ruled inherent threats to cybersecurity

USB drives have somewhat of a sordid past. While they have enabled countless people to conveniently transport data, they have generally been considered to be an enterprise security risk because of how easily they can be lost. A recent discovery made by security researchers regarding USB drive technology, however, has found that there is greater cause for alarm besides the possibility for misplacement.

USB drives have been revealed to lack security on a fundamental level. In reality, these devices are comparable to digital hypodermic needles – they easily contract malware that can then be distributed to every machine they are subsequently plugged into. Using a strain of malware known as "BadUSB" that was developed specifically for the experiment, researchers Karsten Nohl and Jakob Lell uncovered inherent, un-fixable flaws in the design of USB sticks.

"These problems can't be patched," said Nohl to Forbes contributor Gordon Kelly. "We're exploiting the very way that USB is designed… You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it's 'clean' but the cleaning process doesn't even touch the files we're talking about." 

Discovery will not deter employees from use
While the easy thing to do would be to ban these devices outright in offices, this is a task often easier said than done. The consumerization of IT has shown employees that they don't need tech staff to help them manage many of the machines and software they use on a daily basis. The unfortunate reality of the situation is that there is no way to enforce regulations of this nature.

But this does not mean that organizations can just give up and let workers do whatever they want. Companies need to have rules and training in place that will help foster positive habits. But there are always going to be a few people who believe that they are the exceptions, or even that just doing it once won't hurt anything. Because the chance for inadvertent infection is still so high, other measures will need to be taken.

Reboot to restore an effective line of defense
Any security strategy worth its salt has more than one form of protection and this goes double for cyberdefenses in the workplace. Advising employees on proper use of technology within the company is a start, but various kinds of software are going to be essential in order to cover the most bases. 

Thankfully, Faronics has a wide variety of assets that can be used to address mounting threats. A vast majority of computer problems can actually be rectified with a reboot, but in doing so most system settings are lost, forcing users to – in many instances – manually go through and get things back up to speed. This method is both time-consuming and unreliable, as human error has been the cause of many mistakes in the past. It's easy to overlook a setting that might be critical to other aspects of operation and security.

In order to ensure minimal downtime and maximum protection from modern threats, businesses should make Faronics Deep Freeze a cornerstone of their defense strategy. Deep Freeze takes periodic snapshots of system settings, allowing them to be automatically restored after a software-initiated reboot. This not only neutralizes many different kinds of threats, but also allows employees to handle their own issues without bothering the IT department. In turn, IT will have more time to handle company-specific concerns.

In the modern day, security issues are not a possibility – they are inevitable for everyone. It is important to recognize this and take the necessary precautions before a breach occurs.

About The Author

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.

Sign Up For A 30-Day Trial


Deep Freeze Enterprise

Centralized deployment and management as well as a host of configuration options for the Enterprise.

  • This field is for validation purposes and should be left unchanged.

Ready to find out more about Faronics? Let us know how to reach you.

We're here to help you in any way possible.