Last week in London, a man on his way to the library came across an abandoned, unlocked, and unencrypted USB drive. After viewing some of its contents on a public computer, he turned the drive over to a reporter with the Sunday Mirror. As Ars Technica reports:
“On the flash drive were 76 folders of files, including security documents and maps of the airport. The maps included the location of every closed-circuit television (CCTV) camera at the airport; routes and security protection measures for the Queen, Cabinet ministers and visiting foreign dignitaries; and maps of the airport’s tunnels and escape shafts for the Heathrow Express train station.”
“Other documents included a timetable for anti-terrorism patrols at the airport, a documentation of the ultrasound system used by Heathrow security to check perimeter fences and runways for breaches, and details of the types of identification required to gain access to secure areas—including those used by covert security personnel. There were also photos of the security facilities used by the Queen.”
This serious breach is being addressed as an imminent threat to public safety – I think that’s appropriate. As CSO of one of the world’s leading cybersecurity companies, what concerns me is that this data breach used the same exploit that we’ve seen countless times before: human error.
BlackBerry recently carried out a survey of IT professionals in the financial services industry and found that the most frequent instances of mishandled sensitive files was via accidental sharing, followed closely by the use of unapproved email and file sharing solutions.
Employees accidentally share things with the wrong people. Sometimes they lose sensitive data because it’s stored on an insecure laptop, phone or USB drive…
It’s one thing to define cybersecurity policies, but enforcing them is a completely different matter. When employees feel they need to circumvent policies to get their work done, no amount of technology can patch this vulnerability at Heathrow or anywhere else.
Come join us at the fourth annual BlackBerry Security Summit in New York on November 14 2017, and let’s discuss how we can address this cybersecurity blind spot. You can register here.