Heathrow Airport USB Alert Highlights Insider Threat

A major security alert sparked when a USB containing top secret information on Heathrow Airport was found in a London street, highlights the risks associated with the insider threat and the importance of encryption, according to experts.

A man who found the 2.5GB storage device in a street in Queen’s Park plugged it into a library computer and found over 170 documents, some of which were labelled “confidential” or “restricted”.

The details included those of individuals exempt from security screening, radio codes in case of aircraft hijacking and the Queen’s route to the Royal Suite, which is located in a hidden part of the airport.

Other highly sensitive pieces of information on the USB included satellite images and operating manuals for the Doppler radar surveillance system used to scan runways and the perimeter fence, as well as the location of maintenance tunnels and escape shafts.

It’s unclear whether the storage device was accidentally left by a Heathrow employee or if the info on it was compiled by a terrorist planning an attack.

"The worry is it ends up on the dark web and used by bad guys to pick holes in airport security,” a police source told the Sunday Mirror.

Blancco Technology Group chief strategy officer, Richard Stiennon, argued that USB ports on enterprise endpoints should be strictly controlled and monitored, with only approved encrypted devices allowed to connect.  

“Another aspect to worry about when doing a complete data audit is where does the data end up? Are there copies of secret documents all over? Those should be sanitized,” he added.

“A comprehensive data santization policy and plan can address the trillions of gigabytes of so called 'dark data' that resides in organizations around the world.”

Micro Focus vice-president, Geoff Webb, also argued for encryption as standard.

“It’s simply too easy to copy information and walk out the door with it – or move it up to a cloud file sharing service – and if the information isn’t encrypted, the potential for loss is significant.”

Employee error accounts for nearly 60% of privacy privacy failures, according to Gartner.

Tony Pepper, CEO of data security firm Egress, claimed the incident highlights once again the insider threat to organizations.

"The unfortunate reality is that employees always pose a great data security risk. Organizations have to wake up to this fact, and do everything they can to mitigate the opportunity of inside threat,” he argued.

“In this instance, the data on the USB absolutely should have been encrypted, and companies should be doing everything that can do to ensure employees cannot access or take sensitive information outside of their company walls."

What’s Hot on Infosecurity Magazine?