A European-wide study by Motorola has found that two-thirds of firms use the same security measures for both wired and wireless networks.
The research was carried out by Vanson Bourne and spoke to 400 IT directors at companies with over 1,000 employees across the UK, France, Netherlands, Germany, Italy, Spain and Nordics.
The survey found that only 47% are using Wi-Fi Protected Access (WPA) or Wired Equivalent Privacy (WEP) to secure their networks and just 30% are using any form of wireless intrusion prevention system.
Speaking to CBR about the survey, Rik Ferguson, solutions architect at security firm Trend Micro, said that he is no longer surprised by revelations such as this one. “An unsecured access point (PA) is like a backdoor into a network,” he said. “It comes down to the fact that companies simply shouldn’t have an unsecured wireless network.”
Amit Sinha, fellow and chief technologist of Motorola Enterprise Wireless LAN, said: “Companies would be naive to use the same security mechanisms for wired as well as wireless LANs. Education is vital to improving wireless network security. Wireless introduced vulnerabilities in the corporate network that traditional security architectures cannot mitigate.”
The survey indicated that with many workers now operating remotely, outdoor networks and wireless hotspots in cafes are representing a greater challenge to enterprises. Just over half (56%) of companies feel that employees flout security measures by sending corporate data over completely unsecured wireless networks.
Ferguson echoed these thoughts and suggested that it is not just wireless networks that can cause security issues for companies, as wireless devices also pose a threat. “The latest iPod has 120GB of storage – that’s a lot of intellectual property that can be smuggled out of a company that way. No one would think twice about seeing an iPod lying on someone’s desk,” he said.
Sinha’s belief that education is vital to improving enterprise security was backed up by Ferguson. “The biggest problem facing data protection in general is complacency. It all goes back to education – it has to be the cornerstone of any security platform,” he told CBR. “It has to be a company-led initiative. Customers trust them with their data so that trust should be repaid.”
