Portable USB storage drives give users a convenient way to move data between work and home, as well as among computers within an organization. This has been especially true during the COVID-19 pandemic, when stay-at-home protocols forced organizations to shift to remote or hybrid work spaces. That convenience has come at a cost.
That shift required IT administrators to develop new cybersecurity strategies for remote work to protect sensitive or regulated data in a much wider security perimeter. Organizations have expressed concerns that remote work makes them more vulnerable to attack and less capable of protecting company systems from malware.
The safety of data moving in and out of an organization on portable USB drives remains a critical focus in cybersecurity, both for remote workers and contracted employees. The importance of a secure USB policy is essential to protecting industrial control systems within our national critical infrastructure.
A new report by Honeywell shows that the risk of malware carried by USB portable storage devices continues to grow. In the last year, USB drive usage has risen 30% from 2019. USB-borne cybersecurity threats have more than kept pace, spiking 37% during the same period.
This trend shows the continued susceptibility of a cyberattack targeting the vulnerabilities of USB devices. “Adversaries are leveraging USB removable media as an initial attack vector, at which point they will attempt to establish remote connectivity to download additional payloads,” the Honeywell report concluded.
In early June, the White House issued a warning to American businesses to better protect against ransomware attacks by adopting security measures currently in place for government agencies. The warning came at a time of escalating attacks against critical infrastructure, including the Colonial Pipeline and a global food supplier, to name only a few examples.
The Colonial Pipeline attack, which disrupted services along the East Coast and briefly drove up gas prices across the country, has also led to new cybersecurity requirements for oil and gas companies. A security directive from the Department of Homeland Security requires the reporting of confirmed and potential cybersecurity incidents, and the appointment of a designated cybersecurity coordinator.
The seriousness of the threat posed by ransomware has even been compared to the challenge of global terrorism in the wake of the 9/11 attacks of 2001. “There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” said FBI Director Christopher Wray earlier this month. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
Coordinated USB Security
Given the escalating risks associated with USB-borne malware and ransomware, organizations large and small need a sensible and comprehensive approach to data storage and endpoint security. SecureData has led innovation in the areas of hardware-encrypted removable storage, remote drive management, and port-blocking technology for more than a decade.
SecureData’s award-winning SecureDrive and SecureUSB devices provide organizations a FIPS-validated and totally secure option for portable drive storage in both managed and unmanaged options. SecureGuard also gives IT administrators complete control over which USB devices are allowed to connect to an organization’s Windows-operated computers by enabling whitelisting and blacklisting capabilities.