Half of UK companies are prepared to put their network security at risk by inserting a USB stick posing as a party invitation, according to research published this week.
IT consultancy NCC targeted finance directors from 500 listed firms in a range of sectors in a security awareness campaign, with USB sticks forming part of an anonymous invitation saying ‘For Your Chance to Attend the Party of a Lifetime’.
More than 47 per cent of finance directors and some 65 per cent of media companies inserted the unidentified memory stick into their computers.
Paul Vlissidis, head of penetration testing at NCC Group, says inserting the stick could have jeopardised sensitive information, such as personal details of customers and employees as well as confidential corporate financial data.
‘A real hacker could target the user’s credential using Trojan Horse technology and plant keystroke loggers to capture the user’s password,’ he said.
Technology, retail and transport firms showed themselves to be the most security aware, with between 38 and 39 per cent of finance directors inserting the memory stick.
Graham Titterington, principal analyst at Ovum, said: ‘USB sticks are a potential danger for taking data out as well as getting malware into companies.’
‘With USB sticks from an unknown source you should always run a virus check before you run any program.’
What do you think? Email us at firstname.lastname@example.org