More and more traffic is being carried via Wi-Fi networks, and as traffic figures rise, so do security concerns. Last year, 60% of mobile data traffic was offloaded onto the fixed network via Wi-Fi or femtocells – about 10.7 exabytes per month, according to Cisco’s Visual Networking Index. Cisco predicts that by 2021, 50% of all IP traffic will be Wi-Fi (30% will be carried by fixed networks and 20% via cellular networks).
Security for that traffic is becoming more important, particularly in as enterprises utilize Wi-Fi for business-critical services and applications. Here are three considerations for Wi-Fi security:
1. Consider IoT devices. As more devices get connected, the relationship of those devices to the corporate network or the open Internet has to be examined with an eye toward security.
“Without a doubt, the number one way that IoT devices are connecting to the internet is Wi-Fi,” said Ryan Orsi, director of strategic alliances at Wi-Fi security company WatchGuard Technologies. He said that customers are coming to the company asking how they can prevent devices such as security cameras, DVRs and other connected devices from being the next zombie recruits in a Mirai-botnet-like attack. While IoT vendors are bringing more and more devices to market at lower prices, Orsi noted, there are no security regulations around such devices outside of the Food and Drug Administration requirements for health-related devices. Some organizations such as ICSA Labs have been attempting to fill that gap by offering security certification for IoT devices.
Adlane Fellah, managing director of Wi-Fi360, said that the number one concern for IoT in an industrial environment is security, and that Wi-Fi can play a crucial role “to enable better securitization and easier securitization of IoT devices, so that [end users] don’t have to be programmers to make them safe and reliable — and that is as important for the home as it is for industrial applications.”
2. Consider that employees may find security work-arounds. When employees work both remotely and in the office, they need secure ways to access their applications or transfer files — or they’ll use unsafe ones, relying on public Wi-Fi or tethering to a personal LTE device to create an potentially unsecured Wi-Fi hot spot, for example. iPass’ 2017 Mobile Security report found that on a global basis, 75% of enterprises still allow or encourage the use of MiFi devices — but in France, 29% of businesses have banned them because of security concerns.
Rory Sanchez, CEO and president of IT professional services firm SL Powers, said that SL Powers has done a number of audits and found rogue APs that the enterprise under audit didn’t know about—not necessarily a malicious AP, but one that is open and unsecured. In those cases, Sanchez said, operational employees might simply set up their own APs for a specific purpose without notifying the IT department, leaving the APs outside the corporate firewall and potentialyl vulnerable.
At last year’s Republican National Convention, security company Avast set up a number of experimental, unauthorized Wi-Fi access points to see how many users would connect to networks with common names like “ATTWifi” or “Google Starbucks”. “Over the course of a day, Avast saw more than 1.6Gbs transferred from more than 1,200 users,” the company reported. “Moreover, 68.3% of users‘ identities were exposed when they connected, and 44.5% of Wi-Fi users checked their emails or chatted via messenger apps.”
3. Consider that some employees may be more vulnerable to attack than others. iPass’ mobile security report found that 40% of enterprises worry that their C-level executives could be hacked while using public Wi-Fi outside of the office.
“The grim reality is that C-level executives are by far at the greatest risk of being hacked outside of the office,” said Raghu Konka, VP of engineering at iPass, in a comment on the report’s results. “They are not your typical 9-5 office worker. They often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker. …
“Organizations are more aware of the mobile security threat than ever, but they still struggle to find the balance between security and productivity,” Konka added. “While businesses understand that free public Wi-Fi hotspots can empower employees to do their job and be more productive, they are also fearful of the potential security threat.”
Image copyright: lcs813 / 123RF Stock Photo
