Saturday, April 29, 2006

USB sticks on sale outside Bagram airbase, AP Smart phones, iPods and USB memory sticks are posing a real risk for businesses, warn security experts.

Just over half of companies take no steps to secure data held on these devices, found a UK government-backed security survey.

Now security firms are developing ways to help firms control access to the confidential data held on the gadgets.

They are also working on ways to stop the devices being used by viruses as a way to bypass other digital defences.

Data deluge

Figures from the Information Security Breaches Survey, which is backed by the Department of Trade and Industry, reveals how firms are struggling to control the growing use of USB flash memory sticks.

The survey found that 33% of firms tell staff not to use such devices but rarely do anything to change the configuration of PCs and laptops to stop people moving data around with USB sticks.

USB memory sticks, Lexar Only 10% of those companies interviewed for the survey encrypt the confidential data stored on these portable devices.

Dennis Szerszen, spokesman for security software firm Secure Wave, said in some sense the risk portable storage systems pose has been around since the emergence of the floppy disk.

"But," he told the BBC News website, "that was just 360 kilobytes of risk not four gigabytes that can be transferred in five minutes."

The popularity of MP3 players and digital cameras was also driving the development of a culture that is happy to carry around lots of data with them.

Few companies were mandating use of USB sticks but their usefulness was leading many people to carry and use them, said Mr Szerszen.

As a result, many USB sticks and other portable media devices now carried both private and business data. Vital business information, such as drug recipes or blueprints could easily be stored on a USB stick, he said.

Recently it was discovered that USB sticks full of US military secrets were being sold on market stalls in Afghanistan.

Mr Szerszen said Secure Wave has signed a deal with flash memory firm Lexar so that certain potentially dangerous uses of the hardware are logged and flagged by its security software.

Swapping sticks

Different ways to manage and monitor USB flash devices so they stay secure were on show at the Information Security trade fair held at Olympia in London from 25-27 April.

Some security measures encrypt data put on removable drives such as flash memory sticks and others just keep an eye on what is being transferred back and forth.

Matt Fisher, spokesman for Centennial Software, said USB sticks could also become an attack vector for viruses and other malicious programs largely because they are swapped between many different computers.

"Everyone expects a virus to come through the [e-mail] gateway," he said, "No one expects them to come in on a USB stick."

An informal survey by Centennial showed that 66% of people mislay USB sticks and that 60% of those devices have business information on them.

Mr Fisher said firms needed a way to manage the information being stored on these devices to ensure they keep copies of important data and to guard against it going missing by accident or malice.

By Mark Ward
Technology Correspondent, BBC News website
 
posted by Abu Miftah at 7:47 PM | Permalink |
0 Comments:


Subscribe in NewsGator Online Add to Google Add to My AOL
Subscribe in FeedLounge Add An American in Saudi Arabia to Newsburst from CNET News.com Add to netvibes Subscribe in Bloglines
iopBlogs.com, The World's Blog Aggregator Globe Of Blogs