Honeywell released a report that over 40% of USB portable storage devices contain at least one risky file and over 25% of those threats could lead to operational issues. In 2018, IBM’s chief information security officer, Shamla Naidoo, released a statement focused on digital hygiene and IBM’s steps towards banning portable storage devices, including USBs. Similarly, the French National Assembly has worked to raise cybersecurity awareness with a similar aim to ban USB sticks during their meetings. With companies, and even countries, working to ban the use of USBs, it can be difficult for enterprises to know what decision they should make when it comes to USB policy. One way or another, enterprises need to address the issue and strictly enforce these policies to avoid catastrophic breaches. Recent security breaches and mishaps with USBs should serve as a warning to enterprises still using them freely and without restrictions.
Edward Snowden
In recent years, the way the US government handles sensitive documents has come under scrutiny. This enhanced scrutiny comes, in part, from the actions of Edward Snowden, a systems administrator contractor for the NSA. Using simple USBs, Snowden was able to copy sensitive information about a government surveillance program called Prism and leak it to the media. Snowden’s case serves as a lesson for companies around the world. Without proper endpoint security any company or organization could have sensitive data lifted with something as simple as a USB.