A Quarter of Organisations Fail to Enforce a Wireless Security Policy

A survey by Infosecurity Europe of 320 companies has found that 26% of organisations do not enforce a wireless security policy. Further to this, interviews Infosecurity Europe additionally conducted with a panel of 20 Chief Security Officers (CSOs) of large enterprises on the topic revealed that they are concerned about what the future holds for securing pervasive wireless technology.

Also the main concern is not about corporate users accessing a corporate wireless network from within their own buildings, the real danger occurs when users access wireless networks when they are out of the office and unwittingly connect to wireless networks that are insecure or even malicious.

According to Phil Cracknell, President – ISSA UK “The situation right now is that most businesses do not scan their perimeters regularly. This is of course essential if you have a policy of ‘No Wireless!’ to ensure it stays that way. It is equally important to scan for new devices, rogue access points and drifting client cards that might choose to connect to networks nearby for a variety of reasons.”

Phil Cracknell continues, “One thing is certain, the last six years of wireless development have brought massive change to the way we use computers and the way in which they can be exploited. Experts have said since the start, “This is nothing new, use the same principles to secure the technology,” but looking back I am not sure that’s entirely true. We have seen here, concepts and attacks, the likes of which cannot be paralleled. The same principles would have to be so high level they would not be relevant. We have to innovate and adapt to counter the new wireless threats. Who was it that said, “If you keep doing what you’ve always done you’ll keep getting what you’ve always got?”

At Infosecurity Europe 2007 the subject of wireless security will be covered in a number of keynotes and seminars. Phil Cracknell, UK President, ISSA will lead a keynote panel on Wireless Security with Andrew Rose Global Head of IT Risk, Clifford Chance and John Meakin, Group Head of Information Security, Standard Chartered Bank. The potential wireless threats are numerous - man in the middle, Evil Twin, MAC spoofing, Denial of Service attacks, rogue access points, honeypot access points, ad hoc networks and mis-configured access points. This session will look at the common pitfalls, the philosophies, policies and procedures that can be implemented to protect the workforce from these threats. The keynote, which is free to attend for Infosecurity Europe visitors, takes place at 1:30 pm on Tuesday 24th April 2007

Sam Jeffers, Event Manager for Infosecurity Europe 2007 said, “With nearly every laptop available on the market being wireless enabled, coupled with the demand from users to be able to access the internet anywhere anytime, wireless security is a hot issue. It is encouraging to see that the majority of companies are enforcing a wireless security policy, but for those who are unsure of the why and the how, Infosecurity has the answers with a great line up of top security experts and the most comprehensive gathering of information security solutions in Europe.”