in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

BYOD Protection: Dutch Chemical Company Attacked With USB Memory Sticks

Cyber criminals have attempted to infiltrate a Dutch chemical company by "losing" USB sticks infected with malware in the company's parking lot.  Gives a totally different spin to the term "computer trojan horse" and shows how BYOD protection and security can be maximized if employees are properly educated.

BYOD: The Culmination of an Old Trend

Despite the fanfare -- or at least, attention -- that BYOD is receiving currently, the Bring Your Own Device trend is anything but "modern."  When you consider that laptops and external storage devices are also devices, the BYOD evolution started with the appearance of small, portable, and cheap flashdrives.

(Some might point out that laptops were at the vanguard but I disagree.  BYOD is about bringing your own device, and while laptops may have crossed the line first, your own laptop at work can be best described as an outlying event, not an actual trend.  The advent of pocketable, cheap devices is the true precursor to BYOD.)

Social Engineering and USB Sticks: Almost Win

According to elsevier.nl, several USB sticks were placed in the parking lot of DSM, a Dutch multinational chemical group.  The USB sticks were infected with programs that could cull usernames and passwords and send them to a specific IP address.  The plan failed despite its brilliance.

Brilliant, because most people who pick up a USB flashdrive will automatically stick it into a computer, be it for altruistic reasons (let's find the owner by taking a look at the data) or otherwise (let's wipe the USB stick and use it as my own).  The first DSM employee who did so, however, took the USB device straight to the IT department, where the malware was detected and the remote IP address with which the malware communicated was blocked.

Had it not been for a very conscious employee, there is a very good chance that whoever sprinkled these infected devices would have gotten an electronic foothold inside the chemical company.

Proper BYOD Security: Educating Employees Plays a Big Part in Maintaining Safety

Of course, this does not mean that DSM wouldn't have caught the malware (eventually).  I'm sure that in today's data security environment, a number of data loss prevention programs would have kicked in.

However, dealing with an infection after the fact is always less preferable than preventing the infection in the first place.  The above is the type of success story than shows how a multipronged approach to BYOD and data security is more beneficial and effective than just relying on technological solutions only.

Indeed, when you become aware of the many types of malware you can find in the wild (see this thread at slashdot.org for a number of eye-opening malware types that were found by forum participants), you'll see that preventing the malware infection in the first place is the best approach to data security.

And that requires that everyone do their part.

You could, of course, just turn off the USB ports on all computers and devices used by the company.  But, that would mean your company doesn't have a BYOD policy as much as a BYODBIWW policy (bring your own device but it won't work).


Related Articles and Sites:
http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.elsevier.nl%2Fweb%2FNieuws%2FInternet-Gadgets%2F343610%2FCybercriminelen-doen-poging-tot-spionage-bij-DSM.htm&act=url
http://www.elsevier.nl/web/Nieuws/Internet-Gadgets/343610/Cybercriminelen-doen-poging-tot-spionage-bij-DSM.htm

 
<Previous Next>

Data Encryption and BYOD Passwords: Not Logging Out Is Authorization For Snooping?

Password Security: UK Spike In BMW Thefts Because Of Bad Security Implementation

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.