Second annual report reveals 300 percent year-on-year rise in wireless networks; security remains pitifully slack
BEDFORD, Mass.— Businesses are continuing to invite cyber attack from hackers by failing to secure their wireless computer networks, even following the widespread debate around wireless security in 2002. The second annual report of WLAN research commissioned by RSA Security Inc. (NASDAQ: RSAS), the most trusted name in e-security®, has revealed the number of wireless networks deployed in businesses across London has grown 300 percent in the past year. However, security remains slack with an increase in the type of security liabilities, such as wireless-enabled laptops, increasing the risk for businesses to leak unencrypted data into the streets.
With a hand-held scanner, researchers were able to pick up information from company wireless networks by simply driving around the streets of London. Although conducted in London, RSA Security feels that the results of the research are generally the same for any city located throughout the United States. Following the same procedure and route as last year, the research identified that 63 percent of the networks surveyed were left on default configuration clearly identifying the company owning the data and where it was coming from. The latest technology also allows researchers to pinpoint the exact number of wireless network access points and wireless enabled laptops inside a business.
These findings reveal that businesses around the world are even more vulnerable to all kinds of malicious hacking techniques, from computer eavesdropping on company secrets; through to computer network disruption and launching denial of service attacks using the cover of the unsuspecting company.
The research, commissioned by RSA Security, and undertaken by research specialists Z/Yen Limited, was designed to quantify the extent to which companies’ wireless networks are insecure, providing potential access to hackers from their car or a nearby building. The research builds on last year’s report, which revealed that 67 percent of London companies with wireless networks were unprotected from cyber crime attack.
The research highlighted that many businesses are failing to:
- Effectively encrypt the data traveling across their wireless networks, enabling hackers to simply pluck company secrets from the air.
- Change default information on their systems that broadcast the company’s name, location and important technical information that can allow hackers to crack any encrypted network.
- Secure wireless network access points, allowing hackers to set up rogue access points to capture company information.
- Secure data on wireless enabled laptops, allowing penetration of local drives and company data.
“Strong security is always the starting point for any wireless business environment,” said John Worrall, vice president of worldwide marketing at RSA Security. “We have seen a proliferation in the use of wireless networks around the world, but the steps taken to secure these networks is still woefully inadequate. Businesses need to be aware that any investments they have made in securing their infrastructure can be negated by the backdoor being opened through the introduction of a wireless networks. By securing wireless environments with strong encryption and two-factor authentication, organizations can realize the full benefits of WLANs – including cost reduction and productivity enhancement – while reducing the risk of exposing mission-critical data and resources to unauthorized access.”
“RSA Security commissioned this research to raise awareness of the size of this security problem,” said Phil Cracknell, Z/Yen report author. “Z/Yen researchers stuck to the strict letter of the law in carrying out this survey and did not access any specific data but others clearly may not. Hackers could easily use this access to conduct cyber crime or to launch hacking attacks on other companies with complete anonymity.”
RSA Security and Z/Yen have produced recommendations for planning, configuring, implementing and operational best practices for using WLAN for businesses.
About Z/Yen
Z/Yen improves performance by enabling organisations to make better choices. We apply our Risk/Reward approach to people, strategy, systems and markets. Z/Yen believes that by intelligently managing risks, the activities of an organisation can be expanded and thus performance increased.
For more information on Z/Yen Limited, please visit www.zyen.com.
About RSA Security Inc.
With thousands of customers around the globe, RSA Security provides interoperable solutions for establishing online identities, access rights and privileges for people, applications and devices. Built to work seamlessly and transparently in complex environments, the Company’s comprehensive portfolio of identity and access management solutions – including authentication, Web access management and developer solutions – is designed to allow customers to confidently exploit new technologies for competitive advantage. RSA Security’s strong reputation is built on its history of ingenuity and leadership, proven technologies and long-standing relationships with more than 1,000 technology partners.
