Improving Security By Pulling The Plug On USB Ports
Shut the back door
In 2016, Researchers from the University of Illinois left 300 unlabelled USB drives around the campus and tracked what happened next. 98% of the dropped drives were picked up by staff and students alike, and at least half the drives were plugged into a computer to access the files stored on them – not bad odds if you’re a hacker. Although the study was conducted two years ago, its outcome is not unusual in 2018 and is a security backdoor that is still wide open for many networks around the world.
The reason is clear: practicality. There’s no doubt USB devices are one of the easiest ways to move files between machines. However, with the impact of suffering a cyber-attack so great, convenience can’t be a driver behind IT decision making. Especially not when cloud-based sharing platforms like Dropbox exist. Zero-Trust – which means no person or device is inherently trusted – is fast becoming the go-to security stance for enterprises as a result, and is a strategy that has no place for USB devices.
So, with the use of flash drives being tackled in this way, can businesses do away with USB ports entirely? Not quite. USB ports serve many purposes beyond simply facilitating the use of storage devices. Before they can be completely disabled on end-user terminals and removed from the IT landscape in the interest of security, there are further challenges to overcome.