USB storage devices are ubiquitous in organizations. Flash drives, external hard drives, and memory cards provide users with a convenient way to copy, store, and share data. However, these devices also put an organization’s sensitive data at risk from both careless and malicious users.
For example, attackers may target “curious” users through USB drop attacks, in which USB sticks containing malware are mailed to organizations or simply left on the ground near an organization’s headquarters.
Malicious insiders often use portable storage devices for data exfiltration. In a 2022 report by Ponemon, 50 percent of the respondents reported that malicious insiders used unauthorized external storage devices like USB drives to steal data. Examples are quite simple to find:
Security and IT professionals recognize the risk to sensitive data through uncontrolled use of these devices. Managing this with legacy DLP solutions can be challenging. Determining which users can access and move which classes of data using granular rules requires constant oversight and adjustments. This is difficult for large organizations and puts undue demands on mid-sized organizations with smaller security teams.
However, with the right DLP solution there are simple strategies organizations can adopt to protect against the loss of sensitive data via USB storage devices.
1. Device Control: Look for a solution that can enforce control over USB storage devices by implementing policies that allow or restrict their usage. Administrators can define rules to allow only authorized USB devices or block specific types of devices altogether. This prevents unauthorized or potentially malicious USB devices from being connected to the system.
2. Content Inspection: Use a solution that can scan the data being transferred to USB storage devices to detect or block the transfer of sensitive or confidential information. To be effective, this should not require pre-classification of data. Real-time inspection and classification, as used in Reveal, classifies data as it is created and used.
3. Behavioral Analysis: At times, data transfers to USB devices are legitimate. Rather than requiring granular rules that result in inevitable false positives (and false negatives!), some DLP solutions can employ behavioral analysis techniques to identify unusual or suspicious activities. For example, if a user suddenly starts copying a large volume of sensitive data to a USB device or if they attempt to transfer abnormal file types, it may trigger alerts or actions to prevent potential data theft.
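The behavioral analysis described in item 3 can be sketched as a comparison of each user's USB activity against that user's own history. This is an added example, not Reveal's logic or code from Next; the event format, the `detect` function and its thresholds (`k`, `floor`, `min_history`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (user, day, file name, bytes written to USB, classified sensitive)
EVENTS = [
    ("alice", 1, "slides.pptx", 4_000_000, False),
    ("alice", 2, "notes.docx", 1_000_000, True),
    ("alice", 3, "slides.pptx", 5_000_000, False),
    ("alice", 4, "report.docx", 2_000_000, True),
    ("alice", 5, "designs.zip", 900_000_000, True),
    ("bob", 1, "photo.jpg", 3_000_000, False),
    ("bob", 2, "photo.jpg", 2_500_000, False),
    ("bob", 3, "photo.jpg", 3_200_000, False),
    ("bob", 4, "photo.jpg", 2_800_000, False),
    ("bob", 5, "photo.jpg", 3_100_000, False),
]

def ext(name):
    """Lower-cased file extension, or an empty string if there is none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def detect(events, today, k=3.0, floor=50_000_000, min_history=3):
    """Compare each user's USB activity on `today` with their own earlier days."""
    volume = defaultdict(lambda: defaultdict(int))  # user -> day -> sensitive bytes
    seen = defaultdict(set)      # user -> extensions copied before today
    current = defaultdict(set)   # user -> extensions copied today
    for user, day, name, size, sensitive in events:
        if day > today:
            continue
        # Days with only non-sensitive copies still count as a zero-byte day.
        volume[user][day] += size if sensitive else 0
        (current if day == today else seen)[user].add(ext(name))

    alerts = []
    for user, days in volume.items():
        history = [v for d, v in days.items() if d < today]
        if today not in days or len(history) < min_history:
            continue  # no USB activity today, or too little history to judge
        # The floor keeps a quiet baseline from flagging every small copy.
        threshold = max(floor, mean(history) + k * pstdev(history))
        if days[today] > threshold:
            alerts.append((user, "volume_spike", days[today]))
        new_types = sorted(current[user] - seen[user])
        if new_types:
            alerts.append((user, "new_file_type", new_types))
    return alerts
```

Because the baseline is per user, a role that routinely moves large files does not need its own hand-written rule; only a departure from that user's own pattern raises an alert.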
Next Reveal can distinguish between authorized and unauthorized USB devices to prevent users from mounting unauthorized USB drives that may contain malware and prevent users from copying sensitive information to unauthorized devices. In turn, administrators receive alerts when new devices are discovered, including CDs, DVDs, SD Cards, cameras, printers, wireless, and gaming devices.
Real-time content inspection and classification on the endpoint identifies sensitive data such as intellectual property, PHI, and PII as it is created and used, blocking unauthorized users from moving it to USB-enabled devices while still allowing transfer of files locally. AI and machine learning on the endpoint allow Reveal to make faster decisions to train employees and stop data loss.
Importantly, Reveal helps educate users to make better decisions by providing incident-based training. Pop-ups reinforce corporate security policies and can require acknowledgement of corporate policies or block actions.
Want to learn more? Contact the data loss prevention experts at Next and see how easy it is to implement Reveal.
USB storage devices, like flash drives and external hard drives, present significant risks to organizations' sensitive data. They increase the risk of data exfiltration by malicious insiders, accidental data loss by negligent users, and potential malware infections from USB drop attacks, where attackers distribute malware-infected USB devices to unsuspecting employees.
USB drop attacks involve attackers leaving malware-infected USB devices in areas where employees are likely to find them, such as parking lots or near an organization's headquarters. Curious or unsuspecting employees may pick up these devices and connect them to their work computers, inadvertently introducing malware into the organization's network.
Organizations can adopt several strategies to prevent data loss through USB devices, including:
With device control, administrators prevent unauthorized USB devices by defining rules that only permit authorized USB connections. This can include blocking specific types of devices, preventing unauthorized or potentially malicious USB devices from being connected, and ensuring that only approved devices are used for data transfers.
A DLP like Next Reveal helps organizations control the devices in their systems through:
Incident-based training, including pop-up reminders of corporate security policies