Identification, Infosecurity

Thumb drives not big security concern

By Alice Kok | 22 August 2008

As Director of Investigative Response at Verizon Business, Bryan Sartin believes virtually every data compromise can be traced back to something that victim did wrong – either in policy, process or technical implementation.

View photos

Related Articles

• India reviews coastal security
• Govt will not fight cyber security war alone
• Hong Kong tax office airs cloud security concerns
• ‘Private sector not a priority’ for Indian security forces

Related Categories

• IDENTIFICATION
• INFOSECURITY

From this Section

• NEWS

About the commonly feared security challenge of thumb drives, Sartin says the real threat of these small storage gadgets is much smaller than it is thought to be. “From a forensic point of view, they leave a conspicuous stamp on the system which is very easy to trace,” he says.

While not seeing thumb drive comprise that often, Sartin says partial insider such as vendors and contractors pose real danger to organisations’ networks.

“In many cases, the company would give one single vendor account for many people to use,” he says. “It is therefore very hard to find evidence of intrusion.”

One way to resolve this problem is what Sartin calls ‘cyber trap’, “the perpetrator might act again and they will be caught by the trap.”

Whenever the organisation allows a third party to connect, the network administrator needs to make sure that the party ‘doesn’t have the ability to connect whenever they want to’. “They have to maintain accountability every time someone accesses their data,” he says. “Third parties by default should not be trusted.”

“Don’t let third party connect to your network unless you specifically, explicitly require them to do so,” Sartin concludes.