Warnings on woeful Wi-Fi security
The survey, which studied industrial Wi-Fi networks in New York, San Francisco, London and Frankfort, concluded that companies are getting worse at keeping their wireless data networks secure, with a third of all companies not using even the most basic security features. That figure is worse than last year, when 15% of surveyed companies admitted to not applying basic security.
RSA Security, which commissioned NetSurity to conduct the survey, warned that as the popularity of Wi-Fi grows, industrial networks that aren’t secured will be detected and exploited. The survey also noted that many companies had failed to take such basic security precautions as reconfiguring default network settings.
Wireless or Wi-Fi networks have become hugely popular over the last few years and shows no sign of slowing, reveals the annual report which found an annual 66% growth rate in the number of wireless nets being installed in London and Frankfurt. Although most companies do take steps to turn on the security functions built into the Wi-Fi standard and protect themselves from attack, the survey found that a significant proportion were taking unnecessary risks. Many companies were simply turning on their wireless net access points and use default settings that anyone familiar with Wi-Fi could easily find out.
RSA says that 26% of Wi-Fi networks in London used default settings compared to 30% in Frankfurt, 31% in New York and 28% in San Francisco. Many users of Wi-Fi nets did not even turn on the encryption that scrambles data traffic between users and the access point helping them go online. This is despite a series of warnings about the dangers of "drive-by hacking" in which computer criminals walk or drive around city centers using easy to use tools to spot Wi-Fi nets.
"These figures are another stark warning to unsecured businesses to get their act together," said Phil Cracknell, chief technology officer at NetSurity.
As more public Wi-Fi hotspots appear and people become more familiar with using them, it's getting more likely that insecure networks will be found, warned Mr Cracknell. "Accidental or intentional connection to a corporate network can bring with it a series of security issues, including loss of confidential data and installation of malicious code," he said.