Malicious or criminal attack is the most common reason
The cost of data leakage
(in $100 million)
Source: Ponemon 2018 Data Breach Cost Study
Types and ways of technology leakage
Portable storage devices are still a major security threat
How many people would connect a flash drive found on the street to a computer?
A USB drive found on the street is being used by an employee on a home computer
In 2011, the United States Department of Homeland Security US-CERT (United States Computer Emergency Readiness Team) conducted an experiment on security personnel. “How easily hackers can access the system through employees.” The experiment involved placing a USB drive in the parking lot of the security department and seeing if employees use it on an internal computer. What was the result? About 60% of them used a USB drive that was found on the ground, and 90% used a USB drive or CD with the official DHS logo on it. “Forgot all the risks of USB malware and used it on my computer.” The biggest security vulnerability is the “idiocy” of the employee.
One virus
Can cause catastrophic consequences
Two power plants from the United States infected with a virus using a data carrier.
Two U.S. power plant networks were infected with malware that spread via a USB drive plugged in by a subcontractor who wanted to inspect the manufacturing facilities.
The malware affected 10 computers in the turbine management system and caused system downtime, resulting in a 3-week delay in restarting the system. Industrial control systems are particularly vulnerable to the imminent threat of machine downtime or remote attack. The path of malware infection this time was the USB port, but all other open data ports were equally vulnerable.
One little act of thoughtlessness
The military resigns from data carriers
An example of a cyberattack aimed at destroying nuclear centrifuges is the attack by the Stuxnet worm, which infected the Supervisory Control and Data Acquisition (SCADA) system at Iran’s Bushehr Nuclear Power Plant. Via a USB drive, malicious codes spread throughout the internal network, infecting more than 60,000 PCs and bringing the plant to a standstill for two years.
Many companies, including power plants, the military, and others, have already taken action to ban the use of removable storage devices such as DISCS and CDs in order to increase cyber security.
Popular attack methods
This readily available product is designed to quickly draw power from a USB power source. When fully charged, it releases high voltage and burns all circuits, effectively “killing” the computer.
Criminals are looking for more and more new ways to infect the device, recently power cables that cause virus infection are very popular.
We encourage you to familiarize yourself with the podcast on cybersecurity in micro and small companies.
Physical Cybersecurity,
It's a necessity, not a choice.
There will be more and more such cases and the damage to companies will increase. Do you still think cybersecurity is just software?
