Social experiment: 200 USB flash drives left in public locations
From the post:
Nearly one in five people who found a random USB stick in a public setting proceeded to use the drive in ways that posed cybersecurity risks to their personal devices and information and potentially, that of their employer, a recent experiment conducted on behalf of CompTIA revealed.
…
In a social experiment, 200 unbranded USB flash drives were left in high-traffic, public locations in Chicago, Cleveland, San Francisco and Washington, D.C. In about one in five instances, the flash drives were picked up and plugged into a device. Users then proceeded to engage in several potentially risky behaviors: opening text files, clicking on unfamiliar web links or sending messages to a listed email address.
“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” Thibodeaux noted.
…
What I found missing from this article was any mention of the consequences for the employees who “found” USB drives and then plugged them into work computers.
Social experiment or not, the results indicate that forty people are too risky to be allowed to use their work computers.
If there are consequences for security failures, sharing passwords with Edward Snowden comes to mind, they are rarely reported in the mass media.
It is hardly surprising that cybersecurity is such a pressing issue when there are no consequences for distribution of deeply flawed software, no consequences for user-related breaches of security and almost always failing to capture and punish hackers for breaching your security.
Where are the incentives to improve cybersecurity?