At a lively event in Rosebank, Fortinet lifted the lid on the state of wireless security in South Africa, based on a new locally based survey.

Suffice to say, what quickly became apparent is that freely available Wi-Fi does not paint a pretty picture for those who are security conscious.

The survey, which highlighted the main issues facing local wireless networks, reveals that insufficient wireless security is a concern for 71% of the Information Technology decision makers. This, explained Hutton, is hardly surprising, when one considers that 29% of the enterprise wireless networks put in place for internal employees do not have the basic security function of authentication, which requires a username and password, in place.

The findings were gleaned from 100 South African information technology decision makers (ITDMs) at organisations employing 250+ workers in a vast variety of sectors, All respondents were sourced from independent market research company Lightspeed GMI.

Perry Hutton, regional director for Africa at Fortinet, explained that while there are a number of surveys that emerge from Europe, many of these reflect global phenomenon and don’t necessarily pertain to the South African landscape.

Perry Hutton, regional director for Africa, Fortinet 

Other key findings include:

• According to South African ITDMs, the biggest risk to their organisations of operating an unsecured wireless network is the loss of sensitive corporate and/or customer data, with 69% citing this as a concern (vs 48% of global respondents).
• The next highest risk, service interruption, was cited by 16% of ITDMs, followed by industrial espionage (7%), non-compliance to industry regulations (5%) and damage to corporate reputation (4%).
•  7% of ITDMs polled said their corporate wireless networks have no controls whatsoever for their guest or visitors access. The most common form of guest security access on corporate wireless networks is a unique and temporary username and password (68%), ahead of a shared username/password (20%), a captive portal with credentials (13%).
•  Wireless infrastructure governed by a premise-based controller is a thing of the present according to the findings but this trend will change to cloud-based management as only 12% of enterprise ITDMs are refusing to trust the cloud for such critical management in the future.
• Of the cloud-ready respondents, 47% would want to use a private cloud infrastructure for wireless management and 53% would outsource to a third party managed services provider. 20% of those considering outsourcing would only do so provided it is hosted in the same country, leaving 33% happy to embrace wireless management as a public cloud service regardless of geography.

Awareness and yet inaction

Interestingly enough, South Africa appears to be much more aware of the problem associated with unsecured wireless networks, as global concern about the issue is a low 34%.

And yet, that awareness doesn’t necessarily translate into action, as it seems that while most are aware of the problem, few local companies are doing anything about it. Of those industries that are being proactive, banking ranks highly. In part this, Hutton explained, is due to the fiercely competitive nature of the industry.

However, most alarmingly is that hospitals are easy targets, especially an inbound patient will freely and out of necessity divulge a great deal of personal information in order to be admitted. Additionally, the lack of a virtual wall between the wireless network and the internal one makes it all too easy for hackers to gain access to all the information stored on the hospital’s server, including patients’ files.   

Soft targets

Another soft target is all too common to business and leisure travellers alike, with hotels that offer ubiquitous free Wi-Fi that hotel guests and visitors can readily tap into. Unfortunately, if connecting up to the free Wi-Fi it doesn’t require a username and password, the likelihood is that connecting devices are wide open to Wi-Fi intrusions and all the problems - such as malware - that accompanies it.

Hutton pointed out that for those adopting a cavalier approach to Wi-Fi security, this is expected to really show its ugly side with the onset of more machine to machine connections. What’s more, those aiming to breach a network’s security often don’t even have to be in the building, just being in proximity, such as parked outside it, could suffice.

Added to this is the fact cyberhackers appear to be going after not just financial information, but any sensitive information, which could be used for blackmail purpose or to ruin a company/individual’s reputation.

So, what’s the solution?

Part of the solution appears to be awareness about the security differences between free Wi-Fi and secured Wi-Fi networks, and thus education. Additionally, Perry stressed repeatedly that people need to take responsibility for their own devices, ensuring they have adequate protection and being more discerning about which Wi-Fi networks they conduct business on.

“South African IT decision makers are aware of the risks facing their businesses through unsecured wireless networks, and most feel they have taken steps to mitigate these. However, the threat landscape is evolving and attacks such as advanced persistent attacks will target multiple entry points, including the wireless network. There is no room for complacency when it comes to securing the enterprise,” he concluded.