Information is of great importance to organizations in general, and to security organizations in
particular, and should be adequately protected. Information exists in various forms: on paper, as
electronic information transmitted by telegraph or telephone, shown on film, etc. Whatever
form the information takes, it should be adequately protected at all times, because
well-protected information minimizes the damage that may occur.
Physical security is considered an integral part of information systems security. The idea that small
devices pose a security threat for enterprises is well established. On the other hand, consented and
supervised access to USB ports via USB flash drives is sometimes allowed. The large storage
capacity of USB flash drives relative to their small size and low cost means that using them for data
storage without adequate operational and logical controls can pose a serious threat to information
confidentiality, integrity, and availability.
Using USB flash drives can increase the risk of data loss (when a physical device is lost), data
exposure (when sensitive data is exposed to the public or a third party without consent), and
network-based attacks to and from any system the device is connected to
(both directly and via networks over the internet).
In past years, 70% of businesses have traced the loss of sensitive or confidential information to
USB flash memory sticks. While such losses can obviously occur when the devices get lost or
stolen, 55% of those incidents are likely related to malware-infected devices that introduced
malicious code onto corporate networks.
This paper will highlight the security risks associated with the use of USB flash drives. It will
briefly explain some common types of attacks and the common measures necessary to mitigate or at
least reduce them. As existing products evolve and new ones enter the market, you must use them with
caution, always considering their security features, possible vulnerabilities, and ways they could be
targeted by malicious attackers.