Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Most Companies Not Protected

WALL, N.J. -- Removable media devices now present the biggest threat to corporate security, according to research conducted at this year’s InfoSecurity Europe conference in London last week. However, the research conducted by Centennial Software found that four out of five companies do not have effective measures in place to protect against the threat these devices can pose.

Over 43 per cent of those questioned have no controls whatsoever in place to manage removable media devices, 27.4 per cent leave it to the manager’s discretion, and 8.6 per cent have taken the drastic step of introducing a company-wide ban. Only 16.4 per cent use endpoint security software to manage the potential risks effectively. This is despite a raft of recent media stories surrounding insider data theft using removable media.

But companies are not ignorant of the risk. In a significant development for Centennial’s annual “Security Attitudes Survey”, 2007 saw removable media devices rated by 38.4 per cent of respondents as the number security issue facing their organization. The risk has taken over from Web viruses (23.7 per cent) and malware / spyware (22.3 per cent) for the first time.

While more companies in 2007 said they do include removable devices in the acceptable use policies (63.4 percent versus 54.5 percent last year), with more USB sticks than ever in use on the network (65.6 percent regularly use USB sticks, up from 36.3 percent last year) it’s not enough to rely on a policy, according to Centennial.

“It’s long been recognized that human error leads to the majority of information security problems,” said Matt Fisher, vice-president at Centennial. “Leaving the use of removable devices at the discretion of staff exacerbates the risks posed by these devices – especially when a minority of employees may have reasons for wanting to steal or compromise data.”

Centennial Software Ltd.