Whether a USB stick or drive is accidentally lost by an existing employee, or even deliberately lost by a disgruntled employee, this story highlights a few key points of interest regarding USB sticks:
- Ongoing security awareness training is paramount. Users should be reminded to be careful about what they store on a USB stick, and also that if they find a USB stick, they should hand it in directly to their IT or security department. A USB stick can be made "bad" with pre-loaded malware that may call back to a bad actor or trigger further malicious activity on the host that the USB stick has been plugged into.
- The internal IT department should ensure that suitable USB sticks are used within the organisation and have some level of drive encryption enabled. Hardware encryption is preferred, and some manufacturers even have a PIN-code keypad for larger external USB disk drives.
- A strong data loss defence policy should not only monitor and log when a USB stick is inserted or ejected, but also log which files were transferred.
- Regular and privileged users should be monitored using UEBA (User and Entity Behavioural Analytics), so that user activity can be correlated with other potentially suspicious activity that ties the user back to data exfiltration to USB and so on.
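The logging and correlation described in the last two points, as an added example (not code from the original article): it groups constructed endpoint events into one session per device and flags the sessions an analyst should review. The log layout, field names, approved-serial list and thresholds are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample events; this key=value layout is an assumption, not a real product's log format.
SAMPLE_LOG = """\
2024-05-01T09:02:11 host=WS-014 user=alice event=usb_insert serial=ENC-0001
2024-05-01T09:03:40 host=WS-014 user=alice event=file_copy serial=ENC-0001 bytes=48211 path=reports/q1.xlsx
2024-05-01T09:04:02 host=WS-014 user=alice event=usb_eject serial=ENC-0001
2024-05-01T22:41:09 host=WS-027 user=bob event=usb_insert serial=UNK-7F3A
2024-05-01T22:42:30 host=WS-027 user=bob event=file_copy serial=UNK-7F3A bytes=31457280 path=plans/site-maps.zip
2024-05-01T22:44:51 host=WS-027 user=bob event=file_copy serial=UNK-7F3A bytes=26214400 path=plans/camera-layout.pdf
"""

def build_sessions(log_text):
    """Group insert/copy/eject events into one session per (host, serial)."""
    open_sessions, sessions = {}, []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, rest = line.split(" ", 1)
        ev = dict(kv.split("=", 1) for kv in rest.split())  # field values contain no spaces
        key = (ev["host"], ev["serial"])
        if ev["event"] == "usb_insert" or key not in open_sessions:
            # A copy or eject without a logged insert still opens a session, so a logging gap cannot hide a transfer.
            open_sessions[key] = {"user": ev["user"], "host": ev["host"], "serial": ev["serial"],
                                  "start": datetime.fromisoformat(ts), "ejected": False,
                                  "files": [], "bytes": 0}
            sessions.append(open_sessions[key])
        if ev["event"] == "file_copy":
            open_sessions[key]["files"].append(ev["path"])
            open_sessions[key]["bytes"] += int(ev["bytes"])
        elif ev["event"] == "usb_eject":
            open_sessions.pop(key)["ejected"] = True
    return sessions

def review(sessions, approved_serials, max_bytes, work_hours=(7, 19)):
    """Return (session, reasons) pairs for sessions an analyst should look at."""
    findings = []
    for s in sessions:
        checks = [(s["serial"] not in approved_serials, "unapproved device"),
                  (s["bytes"] > max_bytes, "transfer volume over limit"),  # summed per session, not per file
                  (bool(s["files"]) and not work_hours[0] <= s["start"].hour < work_hours[1],
                   "copy outside working hours"),
                  (not s["ejected"], "no eject recorded")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            findings.append((s, reasons))
    return findings

if __name__ == "__main__":
    for s, why in review(build_sessions(SAMPLE_LOG), {"ENC-0001"}, 50 * 1024 * 1024):
        print(s["user"], s["host"], s["serial"], s["bytes"], s["files"], why)
```

Neither of the second user's copies exceeds the 50 MiB limit on its own; the session is flagged on volume only because bytes are totalled per device session.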
On the flash drive were 76 folders of files, including security documents and maps of the airport. The maps included the location of every closed circuit television (CCTV) camera at the airport; routes and security protection measures for the Queen, Cabinet ministers and visiting foreign dignitaries; and maps of the airport's tunnels and escape shafts for the Heathrow Express train station.