The Role of USB Security in Combating Insider Threats
Enterprises are now more vulnerable to insider threats than ever before. A recent study by Gurucul found that insider attacks have become more frequent over the past 12 months, and 83% of organizations in 2024 reported at least one insider attack. Insiders can be current or former employees, contractors, partners, or vendors and data loss incidents can cost companies an average of $15M.
The increased USB device usage remains a significant vector for insider threats within an organization. Malicious insiders might install a keylogger or other malware strain within these devices to infiltrate the company’s network, steal sensitive data, or disrupt operations. In a presentation, Maya Horowitz, vice president of research at Check Point, also shared how major threat groups are using USB devices to bypass security and infect sensitive organizations. All this highlights the need for robust device control and monitoring. This blog post explores how maintaining USB security mitigates insider threats and fosters a secure workplace environment.
Why are Insider Threats on the Rise?
Insider threats present a critical challenge to organizational security. With the emergence of technological innovations and changing hybrid work environments, insider threats are on the rise.
A recent study found that 75% of cybersecurity professionals worry about the impact of adopting emerging technologies like generative AI tools, metaverse and quantum computing on insider threats as their misuse may amplify the threat capabilities. For instance, malicious insiders may exploit proprietary AI models using reverse engineering to steal sensitive data or algorithms. They can even bypass audit trails because the proprietary systems include custom logging and monitoring solutions, which are less secure than their counterparts.
Other technologies include various cloud services, software-as-a-service (SaaS) applications, or the internet of things (IoT). Implementing these technologies adds a layer of complexity and visibility gaps that expand the attack surface and make it challenging for the IT staff to identify and combat these threats.
Businesses also often focus on strengthening their security from external threats such as ransomware or social engineering attacks and underestimate the risk posed by insiders. This makes it easier for insiders to misuse the privileged access and engage in malicious activities.
Insider threats represent significant cybersecurity risks to organizations. According to Verizon Data Breach Investigation Report 2023, insiders steal data mainly for financial gain, ideological reasons, espionage purposes, or due to a grudge. Besides financial loss, these threats have other negative impacts, including loss of customer trust, operational disruptions, legal liabilities and reputational damage.
USB Devices: A Common Vector for Insider Threats
It’s amazing that a device as small as a USB device, which we often use for storing and transferring files and data, poses a critical threat to a company’s infrastructure systems. Malicious insiders can exfiltrate sensitive data from removable devices or introduce malware into the corporate network. The Honeywell USB Threat Report 2024 revealed that 51% of malware attacks targeted USB devices, marking a nearly six-fold increase from 2019.
Employees might also accidentally use USB devices to steal corporate data or introduce malware into the system. For example, a former South Georgia Medical Center employee was arrested for accidentally downloading patients’ private data from the healthcare systems to his USB drive. A day after quitting the job, the security software put an alert about unauthorized data downloaded by an employee, including patient names, date of birth and test results.
Insiders continue their attempts to obtain corporate data with the help of USB devices and have invented sophisticated ways to do so. Some of these ways are discussed below:
Keystroke Injection
Deliberate insiders can manipulate USB device firmware to act as a Human Interface Device (HID). They preload these devices with malicious scripts that mimic user inputs like typing commands. When plugged in, the USB will mimic a keyboard, bypass traditional security measures, and run harmful commands to spread viruses or disrupt an organization’s operations.
USB Drop Attacks
Also known as lost and found USB attacks involve placing scattered USB drives within or close to the company grounds from where unsuspecting employees will plug them into their computers. Once connected, these devices will execute malicious code or exploit vulnerabilities to gain unauthorized access to the internal network, resulting in data theft or taking remote control of the network.
USB-Drive By Attacks
In such types of attacks, the malicious insiders exploit the AutoRun or the AutoPlay feature, which is usually for user convenience. Such USB drives may contain different types of malware strain within the AutoRun files, which automatically installs on the victim’s system and compromise security.
The Role of USB Security in Cyber Defense
As insiders target removable devices to steal corporate data, the demand for maintaining USB security has become more crucial than ever. USB security can be best implemented using specialized device control software.
A USB lockdown software also known as device control software monitors and controls data transfer from endpoints to unauthorized removable storage devices and protects against insider threats and external threats. With the help of these tools, you can even monitor and control other external devices such as Bluetooth adapters, printers, or WiFi.
An important quality to look for in such centrally administered tools is security and authorization capabilities. For security, ensure the tool offers advanced encryption, time restrictions, monitor and log device usage and configurable policies.
All this gives administrators visibility of the environment and how protected the endpoints are. This is extremely important to companies operating in a hybrid and remote environment with BYOD policies. The software should be capable of generating reports about device usage, as this helps identify weak links during the auditing process.
One such advanced USB security solution is USB Lock RP which controls and locks down USB ports and protects data, particularly on Windows operating systems. By detecting the devices’ hardware ID and using advanced whitelisting features, it only allows specific USB devices and blocks the rest. This ensures that only authorized devices can connect to the system and prevents data loss and the spread of malware infection.
Beyond blocking unauthorized devices, it empowers administrators to enforce policies across multiple endpoints by logging device activities. Also, it offers robust encryption while data is transferred from the company’s system to the pre-approved USB drives. This prevents malicious insiders from accessing sensitive corporate data and maintains data security when data moves between the devices and the network.
Apart from USB Lock, there are many other software available too such as DeviceLock or Drive Lock but ideally, they’re not the same. Choose a tool that offers a balance of security, flexibility, compatibility and reliable customer support to avoid any hassle.
Best Practices for Ensuring USB Security in Organizations
Below are some of the best practices you can implement to protect against unauthorized usage of thumb drives:
- Scan of all devices connecting to the company’s network with a reliable antivirus or anti-malware software. This helps to detect and protect against malware and virus infections from external sources before they can cause any damage.
- Encrypt the data or files stored within USB devices to protect sensitive data from unauthorized access in the event of loss, theft and cybercrime. Encryption adds a layer of security and ensures that those having encryption keys will be able to view the contents of the drive.
- Disable AutoRun or AutoPlay features, as they can accelerate the automatic execution of programs from USB drives. Also, turning off such features or configuring them to prompt for action reduces the risk of malware infection.
- Warn employees about connecting personal USB devices to the company’s systems or drives that contain business data on their personal computers. This helps prevent data tampering, data theft and the risk of other external attacks.
- Develop and enforce a detailed USB device usage policy that specifies appropriate use, what type of data transfer is permitted, restrictions and incident response guidelines.
- Educate the employees about risks associated with unregulated removable devices and best practices for mitigation. By fostering a culture of security awareness, you can reduce the likelihood of insider breaches.
By practicing these safety measures, you can mitigate the dangers of insider threats that arise from USB device usage and secure business data.
Final Thoughts
While USB devices offer significant benefits such as ease of data transfer and portability, at the same time, they also pose substantial security risks. Malicious insiders can leverage these devices and infiltrate the corporate network which result in data theft, financial loss and damage to the company’s reputation.
However, you can protect yourself and sensitive business data from malicious payloads by using advanced USB security solutions and practicing appropriate security measures. By taking a proactive approach toward USB security, you can better defend against insider threats and strengthen your overall cybersecurity posture.
