Organisations are ignoring the risk of using unencrypted USB drives, despite the fact that around 62% of businesses have lost confidential data because of missing USB drives in the last two years.
This is according to a Kingston Technology study, conducted by the Ponemon Institute. According to Kingston, organisations fear that any attempt to control a USB device is likely to be futile and costly, both in terms of budget and loss of productivity.
Grant Rau, Kingston Technology SA business development manager, explains that risk and security officers often overlook USB. “This major vulnerability can be exploited by staff, competitors and criminals to share data with external parties.”
He warns that as USB flash drives begin to flood the market and workers become more mobile, companies will need to invest in encrypted USB drives and enforce USB port policies.
According to Wolfpack Risk and Craig Rosewarne, founder of the Information Security Group Africa, the biggest challenges to information security include preventing data leakage, insufficient budgets and a lack of commitment from senior management around information security.
“What is even more concerning is the probable ratio in the small to mid-sized sector of the economy, where companies are likely to have minimal controls in place and may be severely impacted by a major incident.”
Rosewarne adds: “Over 66% of companies indicate a substantial increase in security budgets for 2012.”
Rau explains that the adoption of USB flash drives and solid state drives is likely to increase, due to the escalating costs of hard disk drives (HDDs). In the past two weeks, HDD prices have jumped 100% and are expected to continue to rise. This was because of the recent floods in Thailand, which affected output at factories that account for about half of all global production.
The Kingston survey states that 26% of unsecured critical data on USB drives is customer data, 18% is corporate financial data, 16% is business plans, and 14% is employee information. In addition, 73% of employees are using USB drives without obtaining advance permission from the company, and 72% have lost USB drives without notifying appropriate authorities.
Share