RSA® CONFERENCE EUROPE 2008/LONDON, U.K. - October 27, 2008 -
The seventh annual Wireless Security Survey from RSA, The Security Division of EMC (NYSE: EMC), is published today, and reveals the continued, dramatic growth of wireless networks in the world's major financial centres. The survey of London, New York City and Paris examines the proliferation and inherent security of corporate wireless access points, public hotspots and- for the first time this year- in-home networks.
Best practices in wireless security have never been more pertinent to businesses and consumers than they are today. In August 2008, an international ring of hackers was indicted in the United States for allegedly exploiting a number of businesses' poorly-secured wireless networks to steal more than 40 million credit card numbers.
"Clearly, in this era of unrelenting regulatory compliance and a sharp focus on effectively managing the risk to sensitive proprietary and customer information, it is more important than ever to close the wireless loophole and ensure that the countless investments being made in securing networks everywhere are not undone by leaving the back-door wide-open," comments Sam Curry, Vice President, Identity and Access Assurance at RSA.
Paris broke all the records with a 543% year-over-year increase in the number of wireless access points detected in the city. Growth in London and New York City, while still substantial, was slower than in 2007: in London the number of access points grew 72% (down from 160% last year) and New York City saw a rise of 45% (down from 49%). London retains its position as the 'most wireless city', however, with a total of 12,276 access points detected- exceeding the number we found in New York City by more than 3,000.
Public hotspots- designed to allow anyone with a wireless device to access the Internet on a pay-as-you-go or pre-paid basis- continue to grow in prevalence across all three cities, and in each case the growth of available hotspots accelerated significantly in 2008 compared with development in the preceding year. Paris saw the largest jump, with numbers increasing by over 300% and comfortably outstripping the comparative growth in New York City (44%) and London (34%).
However, New York City remains the leader in regards to its concentration of hotspots. At 15%, New York City is well clear of London where just 5% of wireless access points were found to be hotspots. In Paris, hotspots represented 6% of all the access points we located.
As in previous editions, the survey examined how many of the wireless access points detected were secured with some form of encryption (hotspots excluded). At face value, the 2008 results show some dramatic improvements in security practice here: in New York City, 97% of corporate access points had encryption in place- up from 76% last year, and by far the best results in the survey's history. In Paris, 94% of corporate access points were encrypted- although in London, 20% of all business access points continue to be completely unprotected by any form of wireless encryption.
However, with WEP- Wired Equivalent Privacy, the original wireless encryption standard- now discredited, the 2008 survey paid close attention to the types of encryption in-play, and the relative adoption of more advanced forms of wireless encryption, including Wi-Fi Protected Access (WPA) or WPA2. Overall, the adoption of non-WEP advanced encryption is encouraging. Paris once again led the way, with 72% of access points (excluding public hotspots) found to be using advanced security; however the numbers in New York City and London were more modest at 49% and 48% respectively, with a majority of wireless access points relying either on WEP or using no encryption at all.
"Such is the speed at which WEP can be routinely cracked that it barely constitutes paper-thin protection in the face of today's sophisticated hackers. We would strongly urge wireless network administrators to discount WEP as a viable security mechanism and upgrade to WPA- or stronger- without delay," continues Mr. Curry. "It is also critical that business access points are protected by encryption- even if the corporate network itself can only be accessed via an encrypted VPN. Not using WPA1 or WPA2 can leave the organizations involved vulnerable to whole classes of attacks against both access points and wireless client computers."
For the first time, the RSA Wireless Security Survey identified the number of personal wireless networks in evidence on the routes around London, New York City and Paris- and how secure they were:
Most impressively, home network users appear to be more security-savvy than their corporate counterparts. In Paris, 98% of in-home networks are encrypted- an excellent result- with New Yorkers just behind at 97%, followed by 90% of Londoners who have deployed encryption at home. Digging deeper on the types of encryption found within in-home networks:
"As wireless networks continue to improve in terms of speed, bandwidth, safety- and ubiquity- this is good news for businesses and consumers alike. However, the potential consequences of unidentified users and applications accessing sensitive, private information are simply too serious to be ignored. We look forward to seeing deployments of advanced encryption outpacing the adoption of wireless itself in the year ahead," concludes Mr. Curry.
For more information and a full copy of the survey, please go to http://www.rsa.com/go/wireless
The research, commissioned by RSA, The Security Division of EMC, and undertaken by a team of independent information security specialists, was conducted as part of an ongoing study to quantify both the extent to which wireless usage is growing in the world's major financial hubs, and how many wireless networks freely 'leak' data traffic into the street, providing potential access to hackers from their car or a nearby building.
The survey was carried out with a laptop computer and commercial software. The laptop and software scanner detected both broadcasting and non-broadcasting APs in the 802.11a, b, g and n frequencies. When devices were detected, the software identified the channel, extended service set identifier (ESSID) and other network information before moving on from that source. The software had no way of capturing or retaining the data content of sessions detected.
, a part of , enables organizations to modernize, automate and transform their using industry-leading , servers, and data protection technologies. This provides a trusted foundation for businesses to transform IT, through the creation of a , and transform their business through the creation of cloud-native applications and solutions. Dell EMC services customers across 180 countries – including 98 percent of the Fortune 500 – with the industry’s most comprehensive and innovative portfolio from edge to core to cloud.