Security vendors are increasingly surveying enterprises and quantifying the threats present on their networks, whether active or passive. This adds to the bigger picture on network security and helps end-user organizations get a better understanding on what their company is up against in terms of security. A recent comprehensive security audit conducted by an endpoint security vendor which surveyed 30 large organizations covering 193,000 corporate endpoints and servers revealed that 25,090 (13%) of the corporate PCs surveyed had unauthorized mass storage devices attached to them, opening the door to data leakage and the opportunity for USB-borne viruses, surveillance applications and Malware to enter the corporate network. While this was the single, most common potential threat, it was by no means the only one.

This may explain the wave of interest in device control applications and the increase in the number of vendors offering these niche solutions. However, corporations need to understand the other types of threats their internal endpoints are exposed to that can be as harmful as the USB threat in the same vein.

The below list shows other methods where classified data can leak out of a company or introduce malicious software into an organization:

• e-mail- both in the body of an e-mail, as an attachment or even a link
• P2P Applications
• Internet telephony service
• File Sharing applications
• File Transfers – FTP
• Shared folders enabling easy access by P2P applications
• Remote Control Applications
• Floppy disks or CDs

Further results showed that 7720 (4%) of the 193,000 audited corporate PCs had Peer-to-Peer (File Sharing and Instant Messengers) applications installed. 2895 (1.5%) did not have the latest Microsoft service packs, 3281 (1.7%) had their anti-virus client either turned off or out of date, 2316 (1.2%) were without required 3rd party desktop security agents and 1582 (0.8%) had unauthorized remote control software, with only a few of those showing thunauthorized and unprotected shared folders. These results indicate the prevalence of unauthorized software, rogue processes and endpoint security gaps that have the potential to explode into major security breaches if left unchecked.