As you’ll note, the heading is a question. And it isn’t necessarily a rhetorical one. I’d be very happy for someone to offer a different opinion. Whilst crypto-lockers have garnered all the press recently, over the past twelve months the most common successful cyber attack methodology I’ve encountered has been the humble USB memory stick and its larger cousin, the portable USB Hard Drive. That’s because of the 25 cyber incidents I’ve responded to in the past year, all have been internal security issues bar three (that’s 88% for those keeping count).
Data loss has been the single largest category of those attacks, and invariably that involves a USB device of some kind. Most organisations have wised up to cloud storage facilities such as Dropbox and OneDrive and taken active measures to block data exfiltration through those methods. And sending lots of attachments via webmail is a pretty tedious process, particularly compared to visiting your local office supplies store, paying a few dollars and being able to copy most companies entire document repository in a matter of hours.
What’s more, most organisations don’t have systems in place to detect, alert and prevent the wholesale copying of their document stores. An alert network administrator may notice a spike in networm traffic but that presumes they aren’t the one doing it!
So what to do? That’s a question that doesn’t have a simple answer. Over the next few posts I’ll review some of the available options at all price points. Until then, please feel free to add your suggestions for the biggest cyber security threat posed by businesses today in the comments below.