IBM recently banned all removable storage, throughout the company; this is a new policy that aims to avoid financial and reputational damage from a lost or misused USB drive.
Shamla Naidoo, IBM’s chief information security officer, told staff in an internal email that the company “is expanding the practice of banning the transfer of data to all portable removable storage devices such as USB, SD card and flash drive”.
Some areas already had this policy but, “in the coming weeks we are implementing this policy around the world,” said Naidoo.
This new policy has a simple and well-justified objective in a world full of data breaches: “the possible financial and reputational damage due to lost, lost or misused extractable portable storage devices should be minimized”, the CISO clarified.
A while ago, Stuxnet was written to “jump” from one terminal to another through USB drives that move between them as attack vectors. Only some of the networks they targeted were isolated, which means they had no direct access to the outside world. To prevent such an event on their networks, information security professionals recommend specialized USB devices to prevent malware from being configured on USB drives.