That humping dog flash drive is a danger to the enterprise
One in eight malware attacks come via USB.
A security consultant I used to interview a lot told me a dumb-user story about a dotcom-startup client of his that took the long way around to identify the problem with a downed server.
Sysadmins spent at least an hour, he said, trying to unfreeze or reboot the server remotely before someone finally went into the back room to check that it was plugged in and realized someone had broken in through the outside door that opened in the server room, and walked off with the server.
Every day there are stories about security breaches, new bugs, new exploits, new products to counter the new bugs and exploits. We scan email and servers and run A/V on firewalls. We don't always think about what we might be overlooking.
One in eight malware attacks come from USB devices and viruses coded to get Windows Autorun to install them, according to a study from security software vendor Avast.
That's an unstoppable vector.
You're never going to get users to stop plugging in MP3 players or flash drives shaped like dogs, that upload unscanned files and act inappropriately when they connect.
The only thing you can do is scan the things as they come in. It's expensive (maybe not more expensive than not doing it, depending on how bad the malware) and difficult to set up and comes with more overhead than you'd like to run checks on everything that plugs into a computer inside the firewall.
It's also the only way to keep malware at bay that's been hand-carried though your firewall by employees you probably shouldn't trust. Users don't bring malware in on purpose, but IT has to behave as if they did. No matter how good your security systems, you still have to lock the door and make sure no one's walked off with the server.