Heck, it might be game over if all the attacker does is remove existing hardware. Two years ago, disk encryption vendors were re-alerted to the fact that their software disk encryption programs could be circumvented by malicious hackers freezing the RAM memory and analyzing its stored contents on another computer. A different researcher proved he could retrieve encryption keys stored deeply inside the world's specialized Trusted Platform Module encryption chips.
This isn't news. Thousands of people around the world have known this for a very long time. You shouldn't be any more worried about it today than you've been over the past two decades -- at least until these sorts of vectors start to become popularly exploited. Most bad actors don't need physical access to your machine for exploitative actions. The fake antivirus programs and malicious email links are still working quite well and infecting tens of millions of users.
If you are worried that your assets are at higher risk of physical attack, let this column be your wake-up call and show it to management.
You can take steps to protect yourself. End-user education is always worth trying. Let your end-users know that anything they plug into their computer could launch malicious code. That free USB key at the conference show? They shouldn't plug it in, nor should they attach free mice, free keyboards, or whatever if they are at elevated risk of physical attack.
System configurators can disable unneeded ports in the system's BIOS or within the controlling operating system. Disabling in the BIOS is better; that way, OS-boot-around attacks can't succeed. Unfortunately, you can't disable every port. Make sure all the normal antimalware and computer security defenses are enabled. You may not stop the initial compromise, but you might be able to detect or stop the subsequent actions.
And until better solutions are discovered, you will have to live with some amount of physical risk.
The reality is that most of us are facing far more malicious risk from far less sophisticated attacks. Good computer security defense is about evaluating your current threats and knowing which ones to concentrate on.
This story, "Yes, even a mouse can infect your network," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.