The threat posed by portable storage devices

By | October 18, 2006

In a society where the use of portable storage devices is commonplace, the threat that these devices pose to corporations and organizations is, more often than not, ignored. This paper examines the nature of the threat that these devices present and the counter-measures that organizations can adopt to eliminate them.

In an on-demand society where individuals can easily access portable music players, PDAs, mobile phones and digital cameras, technological innovation has responded to personal needs with the development of electronic devices that include data storage capabilities. There is however a downside to this modern-day scenario; the misuse of these devices in a corporate environment can spell disaster to a corporation. The statistics are not encouraging: Amongst others, a 2005 CSI/FBI survey reports that the “Theft of proprietary information is up from $168,529 in 2004 to $355,552 in 2005”.

For these reasons corporations today are enacting security policies that regulate the use of these devices in the corporate environment. But is a security policy alone the best solution to mitigate the risks posed by portable storage devices? And what are the real risks associated with the uncontrolled use of portable storage devices?

Statistics demonstrate that 98% of all crimes committed against companies in the U.K. had an insider connection (Computer Crime Research Center, 2005). Data theft, legal liabilities, productivity losses and corporate network security breaches are all dangers that corporations have to face if malicious insiders or careless employees misuse portable storage devices at their workplace.

The actual act of stealing corporate data by insiders is quite simple in itself and today software that is easily available for download automates the whole process. Insiders need to just plug in the portable storage device on a corporate workstation and all data, including sensitive data is automatically copied, without any additional user intervention. This automated process, commonly known as Pod Slurping, is able to copy whole databases and other confidential records to a portable storage device in a matter of a few minutes.

Click Here to download the full article

Leave a Reply