More than three-quarters of IT security professionals pick up and plug in USB sticks that they find.
According to a survey by AhnLab of 300 professionals at last month's RSA Conference, 78 per cent of respondents would plug in a USB flash drives that they found abandoned or lying around.
Brian Laing, vice president of marketing and business development at AhnLab, Santa Clara, said: “I am utterly shocked at these figures. For example, Stuxnet, one of the world's most sophisticated cyber-attacks, gained access to its target system through a ‘found' USB drive. The creators of the malware left infected USB drives near a uranium enrichment facility and someone picked it up and inserted into their PC. Stuxnet derailed the efforts of that nation to purify nuclear materials at its facility.
“I urge IT security professionals to begin practicing what they preach. This ‘it won't happen to me' attitude doesn't wash. It really does come down to the old mantra of combining people, process and technology – if you can get all three elements right, you are on track to a safe and secure environment.”
The study found that the USB drives often contained viruses, rootkits, bot executables, movies, music and other office documents. The survey also found that 68 per cent of respondents had been involved in a security breach, either at home, work or personally – with many relating back to the infected USB drives.