Go ahead – plug that USB device into your machine!
Organizations – especially large enterprises – often have restrictions in place against using USB devices. The risks of these devices have been documented for years. This thread from 5 years ago talks about the risks of using USB over other media like CDs! The threats still prevail for USB devices today… and we no longer have CDs to mitigate those risks. So why can’t we trust USB devices?
1. Attackers love them
It’s a low-cost attack technique. Sure, it’s hardware, so it costs more than phishing, the most common method to breach the perimeter. But USB devices are still fairly cheap to acquire, and their cost continues to drop as they become more and more commoditized. A cheap 4GB thumb drive is just under 50 cents on eBay these days.
2. Easy to use
I’m no cyberattacker, but even I could figure out how to load malware onto a USB drive and get it into the hands of someone who would plug it into their machine.
3. They work
People inherently want to make their lives easier, and if that means plugging in a USB device to transfer a file, then they will do it. Attackers know this, so they pre-load USB devices with malware and purposely scatter them in parking lots. Someone will inevitably pick one up and plug it into their machine. No matter how much cybersecurity education we do, the user is still our weakest link.
4. They’re happening
You might be reading this thinking, “this is old news – we all know that USB devices are risky, which is why nobody uses them anymore.” It’s not old news though! Just last year Heathrow airport fell victim to a data breach caused by a USB stick.
5. Organizational policies don’t work
People always find workarounds and break corporate policy – especially when the policy isn’t enforceable.
It’s true – USB devices are still scary business. But as I said, it doesn’t matter. Why? Isolation.
With an isolation platform in place, you no longer have to make the binary decision to block or allow all USB devices. Isolation enables a secure-by-design architecture, so you can permit all USB devices, but dictate which isolated environment each specific type of USB device is permitted to access. This ensures that “risky” USB devices cannot gain access to an environment with sensitive assets.