Thumbs Up for Cybersecurity

Deep in the SWAG bag from last month’s conference, next to the pens and sticky pads but well below the cleverly branded drink can insulators, lurks a quiet but deadly threat to your organization that even the little bottle of hand sanitizer is powerless against. And there are three more just like it hiding at the back of your top desk drawer. And one more in each of your kids’ backpacks. The kids, really? You put the kids at risk?

Thumbing Down the Internet Highway

A recent Wired article sheds some light on the ongoing security issues with USB technology, focusing specifically on the ubiquity of thumb drives. The problem is typically not the files you move to and from the drive. The real issue lies in the firmware that controls USB connectivity, and in the malware that can remain embedded in that firmware even after you’ve cleaned the drive. That firmware is both necessary and malleable, which leaves the invisible code at the heart of the technology vulnerable to malicious hitchhikers.

Practicing Safe Connectivity

The real danger lies in the communal nature and mobility of USB technology. Malware can attach itself to firmware in both directions, import and export. The best response is to remove thumb drives from your organization’s workflow, but that is easier said than done. An alternative is heightened vigilance in the use of USB technology, ensuring thumb drives have not come into contact with unknown machines. Don’t risk infection by sharing thumb drives with strangers. Be safe out there.

For more information, check out this presentation ICS President Steve Goldsby gave a few years ago, affectionately referred to as the Teddy Bear Attack.
