SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Untitled design 2026 03 12t164733.768
#
Storage
#
Malware
#
Firewalls

Is the USB making a comeback?

Thu, 12th Mar 2026
By Jon Fielding, Managing Director of EMEA, Apricorn

When we talk about the USB as an innovation, many of us think to the 1990s. Released in the summer of 1998, the USB flash drive was a revolutionary replacement for floppy disks. The idea back then that these humble devices would continue to have a role to play in the age of cloud storage and wireless file‑sharing is strange to think about. Yet, not only is this the reality, but USB adoption is on the up. According to one market forecast, the USB flash drive market is predicted to grow 7% per year to reach $13.1 billion by 2030 – up from $7.6 billion in 2022. 

USBs have come a long way since those early models. Today's thumb drives are significantly more advanced, with drastically faster transfer speeds, significantly greater storage capacities (often in the hundreds of gigabytes), and versatile dual USB-A and USB-C connections. These features make them incredibly useful for consumers and organisations alike, offering real data transfer conveniences. However, for companies, the use of USBs today also brings a fear factor. 

USB drives unfortunately have the potential to introduce malicious software into an organisation's systems, with direct memory access attacks, debugging attacks, or alternative booth paths that can result in the loading of malicious code from peripheral devices all being risks related to USBS. 

For threat actors, USB drives provide the opportunity to bypass network perimeters. As a result, they have used them as carriers of malware to infect company computers and systems in a variety of ways. The USB Rubber Ducky is another attack vector, in which a tiny computer masquerading as a USB drive can execute pre-programmed commands when plugged into a device.

In response to these threats, many organisations have resorted to strict USB controls or even banned their usage altogether. However, that approach presents its own challenges. Indeed, years of "lock it down" policies have proven counterproductive, driving employees to use unapproved devices or resort to workarounds that simply lead to and exacerbate the risks from other attack pathways.

Ensuring the Safe Use of USBs

As a result, several security bodies are now providing advice that allow organisations to establish a USB strategy centred around managed flexibility, where the usage of peripherals is controlled, but not banned. 

The NCSC is a case in point, urging IT leaders to weigh business need against risk and to control how peripherals are used. Additionally, CSA Singapore takes a similar stance. In recognising both usefulness of USBs as well as the risks that they pose, it highlights some of the ways in which organisations can take a risk-based approach based on several key policies and protocols.

Looking at guidance from both security bodies, it is clear that there are several accepted best practices that organisations can adopt to enable employees to use USBs while managing the associated risks effectively.

Implement USB Device Controls

To reduce the risk of potentially malicious USB devices executing on corporate devices and networks, it's important to limit the access of unmanaged devices. To achieve this, firms should look to create a whitelist of authorised USB devices that are permitted to connect to organisational systems, while blocking all others.

Make Sure Those USBs Are Encrypted

It's also important to ensure that any company data on USBs doesn't get into the wrong hands. If devices holding sensitive information are lost or left in public places, encryption ensures that the next person to pick them up can't access that data and potentially leak it into the public domain. This is especially important in the era of remote working, providing employees with USBs that encrypt all data in an automated way to ensure it remains secure both at rest and on the move.

Monitor Usage and Sanitise Regularly

The CSA also advocates that organisations should scan USB devices with up-to-date antivirus software before accessing any files or executing any programs stored on them. Carrying out these scans regularly, as well as monitoring the usage of USBs, can help to detect and neutralise any potential threats, safeguarding systems from USB-borne malware infections.

Ultimately, USBs are useful devices for organisations and employees alike. With their adoption forecast to rise over the coming years, it's important that firms find ways to manage the associated risks without blocking staff from using them.

With the right risk-based controls, supported by encryption, monitoring and managed access, this can be achieved, providing enterprises with a balanced approach that protects systems while empowering people to work efficiently and securely.

Related stories
Vodafone & Google Cloud launch AI & security tools
Locai Labs deploys AI coding assistant at First Light Fusion
Infosecurity Europe adds AI summit amid cyber defence shift
ISACA launches AI risk certification amid governance gap
Cyber Essentials update raises bar on visibility gaps

Top stories

Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack
Black Box Automation vs. Engineer Control: The partnership redefining Kubernetes FinOps
Automotive microcontroller market set to hit USD $15.1bn
BlackBox Hosting partners Everpure for sovereign cloud