Ubiquitous USBs - Leaving Millions on the Table

CSG & Cyberoam Endpoint Data Protection

Contents

USBs – Making Data Movement Easy Yet Leaky …………3

Exposing Endpoints to the Wild………………………….………3

Data Breach a Very Expensive Affair……….………………….4

Five Best Practices for Using Flash Drives……………………5

Cyberoam Endpoint Data Protection………………………….6

Conclusion……………….…………………………………………………6

USBs - Making Data Movement Easy Yet Leaky A USB or Universal Serial Bus, commonly called as a flash drive, has

revolutionized the way business data moves. Tiny and cheap but with a

storage capacity of up to 20 GB data for a few models, it is the most

convenient way of transporting data - no hassles about network access,

large files getting dropped by mail servers, availability of shared drives,

and more.

While all this implies the simplicity with which data can travel in flash

drives attached to endpoints, it also brings out a serious downside - data

on endpoints is exposed to leaks! With so many endpoints in an

organization, it is difficult to track who is taking your data, when and where

in that tiny, inconspicuous flash drive!

Exposing Endpoints to the Wild Flash drives spill insecurities into the system with their ability to bypass

corporate firewalls at the gateway. A user can store or download

applications like VoIP; Instant Messengers; tunneling software like PingFu

Iris and Surfnolimit that bypass firewall/proxy servers; unauthorized

browsers; and music downloading software on his flash drive. These

applications can run on his endpoint from the drive itself, enabling him to

override traditional IT administrative roadblocks. Unauthorized

applications enter the network in this manner, consuming bandwidth,

threatening network security and affecting network performance - making

the security policies protecting the network, ineffective. In some cases,

unauthorized applications may also bring along viruses and spyware that

siphon away data lying on the endpoints.

Flash drives can bring three categories of risks to an organization: - Data Loss - Data Theft

- Malicious code entry into the network

Data Loss

Flash drives are very easy to lose because of their small size. According to

a survey by Credant Technologies, almost 9,000 forgotten USB sticks were

found in people's trouser pockets by British dry cleaners in 2008 while

more than 12,500 handheld devices including flash drives are left behind

in cabs in London and New York every six months. These flash drives could

be carrying business plans, proprietary product information, product

launch plans, sensitive financial information, and more. For organizations,

this could mean faltering on regulatory compliance requirements that may

invite neck-breaking penalties, besides loss of customers and reputation.

The UK Government was forced to order an emergency shutdown of its

computer system when a USB containing confidential passcodes to the online

Government Gateway system was found lying in a pub car park. Its misuse

could have led to access of private details of 12 million people, including their

names, addresses, wages, National Insurance numbers and credit card details.

Below statistics show just how frequently companies are losing confidential data in a flash drive and thereby incurring a loss of millions of dollars!

percent of companies surveyed 52 have suffered data loss via USB drives and other removable media.

- Forrester Research

53 percent of companies acknowledge confidential data resides on flash drives

- The Ponemon Institute

53 percent of these companies would have no way of knowing what data was on the flash drive if it was lost.

- The Ponemon Institute

Since 2005, more than 245 million records containing sensitive personal information have been involved in security breaches in the

- Privacy Rights Clearinghouse

Data Theft

As flash drives make data movement easy, organizations are losing

gigabytes of sensitive information through employee actions like

inadvertent loss or unauthorized taking away of data. A Ponemon survey

revealed 90% of IT security practitioners believe portable mobile device

usage will increase security risks within their companies, highlighting the

threat from removable devices like flash drives to organizations. Another

report by Cyber-Ark showed 41% of the 600 workers surveyed admitting

to have taken sensitive information to their new job!

Malicious Code Entry into the Network

Flash drives are generally used without any protection against security

threats. Flash drives make it easy for cyber criminals to extract sensitive

data from organizations because of their extensive use in transferring

massive amounts of data and their huge storage capacity. Further,

ignorant users who use flash drives to install games and other software on

their PCs may be innocently installing malicious payloads into the system

that may wipe out a company's important data or disrupt its IT

infrastructure.

The US Army banned the use of USB drives after the SillyFD-AA worm,

which spreads by copying itself onto thumb drives and then automatically

runs or replicates when that drive is connected to a PC, infiltrated Army

networks. In another incident, the TGammima.AG worm infected a

computer on NASA’s international Space Station and it came in through a

USB drive. Both these worms help create backdoor entries into targeted

organisations for the internet criminals.

Data Breach through Flash Drives a Very Expensive

Affair!

The average organizational cost of a data breach has increased from $6.65

million in 2008 to $6.75 million in 2009, according to the Ponemon

Institute. A Ponemon Institute Customer Trust Survey states that

companies that suffer a breach of just 100,000 records containing personal

information are set to lose almost a third of those customers and also face

financial damages of around $23 million. This is excluding the indirect costs

following a data breach media coverage and public exposure that may

damage a brand, civil lawsuits, regulatory penalties, and more.

Five Best Practices for Using Flash Drives Although removal or complete blocking of USB ports will be the best

remedy against threat to corporate data, it will take away flexibility and

productivity of employees in trade-off. Here are a few methods that

organizations can employ to balance the benefits and threat of flash

drives:

1.Encrypt and Decrypt flash drives or files stored in a flash drive: Encrypt flash drives or confidential files while storing them on flash drives to limit unauthorized access to corporate data. Decryption controls enable organizations to abort attempts by an outsider to read sensitive data in case a flash drive is lost or stolen, keeping their data secure.

2.Enforce Flash drive Policies for Users:

Protect data against loss or theft by enforcing usage policies when employees use flash drives. This will help in controlling users while using or transferring data to flash drives.

3.Find out Who is Handling Sensitive Files:

Monitor who is handling sensitive files. Any anomaly in data access patterns can be extrapolated and confirmed through audit logs to take timely preventive action before data goes out.

4.Keep Your Security Solutions up-to-date

Security solutions like the firewall, IPS, Anti-Virus and Anti-Spyware protect the gateway and endpoints against entry of unauthorized applications, intrusions and threats like viruses, worms, spyware and more. Ensure that your security solutions are running up-to date to keep you secure against new and advanced security threats that may attack your sensitive data.

5. Allow only Whitelisted USB devices

Keep a centrally managed database of all flash drives issued by your organization to keep track of the use of these devices within and outside the network.

Five Best Practices for Using Flash Drives

1 .Encrypt/decrypt devices or files

2 .Enforce policies for use

3 .Find out who is handling sensitive files

4 .Update security solutions

5 .Allow only whitelisted USB

Cyberoam Endpoint Data Protection Cyberoam's Endpoint Data Protection offers flexible identity-based controls to encrypt and decrypt files or removable devices for individual users or groups. It protects corporate data by specifying 'read' and 'write' access policies when a user reads or writes data on classified USB devices. These identity-based policies remain effective even when a user is offline - at home or traveling.

Cyberoam Endpoint Data Protection creates shadow copies of selected files at the time of their creation, modification, transfer and print and saves them on the database server. Its removable storage logs give USB device description as well as plug-in and plug-out time details for a USB device. This information helps in investigating data theft incidences.

It offers centralized hardware and software management that allows organizations to keep track of their IT assets. Its Asset Management module protects them against unauthorized and illegal application deployment by users on their endpoints. Its automated Patch Management reduces malware penetration by keeping the system security up-to-date.

With Cyberoam Endpoint Data Protection, organizations can trace and control all removable devices at their endpoints. It enables them to allow access only to whitelisted devices and blocks the rest.

Conclusion Flash drives are the easiest and most convenient devices for carrying data. Their small size, easy affordability and simple plug and-play use have made them the most widely used device for data movement within and outside organizations. However, such easy mobility of data increases the risk of data loss and theft. Today, flash drives are being used by cyber criminals to gain entry into organizations to push viruses and worms that steal confidential data from them.

Enforcing USB device policies, encrypting data stored on flash drives, creating shadow copies and using only whitelisted flash drives are a few 'best practices' that organizations should implement to keep confidential data in their flash drives secure.

CSG COMPUTER SERVICES GROUP

BRIDGEND

BRISTOL

EXETER

T: 0845 051 5508

E: SALES@CSGRP.CO.UK

With Cyberoam Endpoint

Data Protection,

organizations can trace and

control all removable

devices at their endpoints