1. USB Devices. The largest threat in the Promisec study was undocumented or unsecured USB devices. About 13 percent of the surveyed endpoints had them. This isn't just a theoretical concern. A 2005 Yankee Group survey found that 37 percent of the companies surveyed believed USB devices were used to compromise corporate information.
The source of the infection doesn't have to be an employee. A visitor, invited or otherwise, who gets access to a company computer can easily plug in a thumb drive. More elaborately, a computer security firm gained national attention in 2006 by loading 20 USB drives with password-stealing malware and scattering them in the parking lot and other likely locations outside a target company. Fifteen of the drives were found by employees, who plugged them in to see what was on them; in a matter of hours, the security company was getting a stream of passwords and other critical data. (The security firm was Secure Network Technologies. It was testing security at a client, and the incident was reported in a number of places, including June 7, 2006 on the Dark Reading Web site.)
USB device protection under Windows is pretty limited. Basically, you can only enable or disable USB on a system. Since USB is the default peripheral connection for Windows, this is extremely limiting. However, third-party software such as Sophos, DeviceLock or Promisec removes this restriction by offering policy-based management for USB devices.
2. Peer-to-Peer File Sharing. Although unauthorized peer-to-peer (P2P) file-sharing programs are often forbidden by company policy, 4 percent of the surveyed computers had such applications installed. This problem is getting worse. Not only are more peer-to-peer networks making their way onto corporate networks, but computer criminals have started using them to compromise and take over computers wholesale.
According to security software company Prolexic, P2P networks are now being used to launch distributed denial-of-service attacks against corporate Web sites. The company says it has seen a kind of P2P-based DDoS attack called dc++ involving as many as 300,000 compromised computers.
Unauthorized P2P software can be a major path for information leaks, so much so that a Web site called See What You Share has been set up just to show off the kind of information leaking out of the government by file sharing - including classified documents.
Of course, P2P file sharing is also one of the primary methods of illegally distributing copyrighted material - which can be both expensive and embarrassing if the lawyers from the RIAA come calling.