London businesses are currently playing fast and loose with their network security and need to implement watertight policies to ensure the security of strategies such as bring your own device (BYOD), according to security firm Sophos.
Sophos director of technology strategy, James Lyne, warned that many firms are leaving themselves open to attack based on the findings of Sophos' Warbike research. The project lasted two days and saw Lyne cycle across London scanning for wireless networks to create a 'heat map', showing the various levels of wireless network security around the city.
The project detected 106,874 individual hotspots during his journey down 91 miles of London's streets. Disturbingly, eight percent of the hotspots used no encryption and appeared to be both from home and business networks.
Lyne's research also revealed that 19 percent of the hotspots used the obsolete WEP encryption, while the remaining networks used more modern WPA or WPA2 encryption. But he went on to claim that even with the use of more modern network encryption, businesses are still leaving themselves vulnerable to hackers.
"There's a whole load of different configurations for enterprises. What's really interesting is that lots of mid-level organisations will actually end up having the WPA2 and passphrase protection as it's easy to deploy," Lyne told V3.
That means they are about as protected as the average home user, he added, something crooks will gladly exploit.
The use of consumer devices, like the Apple iPad, on corporate networks combined with firms' lack of consistent BYOD policies were highlighted as a particularly dangerous oversight.
"On enterprise networks, we still find guest networks, test networks so there are certain parts of the business that are configured like this. I've also found that lots of businesses will end up running in this configuration for things like iPads," said Lyne.
"So their main corporate Wi-Fi has lots of certificates and layers of authentication, per user credentials. You've then got this less secure network which is used for BYOD devices because it's harder to automatically configure or they don't support the same degree of wireless standard."
Lyne went on to warn that even when connected to external networks, BYOD devices could still pose a threat to corporate data.
"The iPad is a classic offender as they broadcast everywhere the names of networks they've previously connected to, not just the ones they're connected to right now," he said.
"If I connect to something like Starbucks that's fine, but if I connect to my corporate network I'm effectively walking around with something broadcasting something that may make me an interesting target when I'm away from the office."
Sophos' findings follow warnings from other security vendors that cyber criminals are developing new, more sophisticated ways to target businesses. Most recently McAfee revealed a marked boom in the amount of mobile malware in its Q2 2012 Threat Report.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago