London businesses are currently playing fast and loose with their network security and need to implement watertight policies to ensure the security of strategies such as bring your own device (BYOD), according to security firm Sophos.
Sophos director of technology strategy, James Lyne, warned that many firms are leaving themselves open to attack based on the findings of Sophos' Warbike research. The project lasted two days and saw Lyne cycle across London scanning for wireless networks to create a 'heat map', showing the various levels of wireless network security around the city.
The project detected 106,874 individual hotspots during Lyne's journey down 91 miles of London's streets. Disturbingly, eight percent of the hotspots used no encryption and appeared to belong to both home and business networks.
Lyne's research also revealed that 19 percent of the hotspots used the obsolete WEP encryption, while the remaining networks used more modern WPA or WPA2 encryption. But he went on to claim that even with the use of more modern network encryption, businesses are still leaving themselves vulnerable to hackers.
"There's a whole load of different configurations for enterprises. What's really interesting is that lots of mid-level organisations will actually end up having the WPA2 and passphrase protection as it's easy to deploy," Lyne told V3.
That means they are about as protected as the average home user, he added, something crooks will gladly exploit.
The use of consumer devices, like the Apple iPad, on corporate networks, combined with firms' lack of consistent BYOD policies, was highlighted as a particularly dangerous oversight.
"On enterprise networks, we still find guest networks, test networks so there are certain parts of the business that are configured like this. I've also found that lots of businesses will end up running in this configuration for things like iPads," said Lyne.
"So their main corporate Wi-Fi has lots of certificates and layers of authentication, per user credentials. You've then got this less secure network which is used for BYOD devices because it's harder to automatically configure or they don't support the same degree of wireless standard."
Lyne went on to warn that even when connected to external networks, BYOD devices could still pose a threat to corporate data.
"The iPad is a classic offender as they broadcast everywhere the names of networks they've previously connected to, not just the ones they're connected to right now," he said.
"If I connect to something like Starbucks that's fine, but if I connect to my corporate network I'm effectively walking around with something broadcasting something that may make me an interesting target when I'm away from the office."
Sophos' findings follow warnings from other security vendors that cyber criminals are developing new, more sophisticated ways to target businesses. Most recently McAfee revealed a marked boom in the amount of mobile malware in its Q2 2012 Threat Report.