Imagine you work at a company which has a lot of confidential information stored in their workstation computers.
Now someone from outside the company enters the office , accesses a computer , plugs in a pendrive (usb memory stick) and starts copying data.
Now he/she has all the necessary information , unplugs the pendrive and no one will even know he/she accessed the computer and there is no log that proves a pendrive has been attached to the system.
I think this could be a great risk for companies , but what can you do about it ? Scan every pendrive they have ?