9 in 10 CIOs concerned over insufficient wireless protection
Over one-third of enterprises found lacking basic wireless security
INFORMATION technology decision makers (ITDMs) believe wireless networks to be the most vulnerable element of the IT infrastructure, according to a new survey from Fortinet.
Nearly half (44%) of respondents in Asia Pacific ranked wireless networks as most exposed from a security standpoint, in contrast to just 31% for the core network, the company said in a statement, citing its Wireless Security Survey.
The Fortinet survey also reveals that insufficient wireless security is a concern for almost all (92%) of the CIOs (chief information officers) polled.
This is hardly surprising given that more than one-third of the enterprise wireless networks put in place for internal employees do not have the basic security function of authentication in place, Fortinet said in its statement.
The Fortinet Wireless Security Survey polled over 1,490 IT decision makers at 250+ employee organisations around the world, Fortinet said.
All respondents were sourced from independent market research company Lightspeed GMI’s online panel.
Other survey highlights include:
Slightly more than half of ITDMs (56%) consider loss of sensitive corporate and/ or customer data the biggest risk of operating an unsecured wireless environment.
73% have adopted a cloud approach to management of their wireless infrastructure and 87% trust the cloud for future wireless deployment.
39% of ITDMs polled provide guest access on their corporate wireless networks; 13% of these organisations do so without any controls whatsoever.
Wireless networks at risk
According to the survey, wireless networks are ranked as the most vulnerable IT infrastructure, with the highest proportion of ITDMs (44%) placing it in their top two.
Respondents positioned wireless as significantly more vulnerable than core networking infrastructure, with just 31% of ITDMs ranking this highly.
Databases (25%), applications (18%) and storage (10%) infrastructures were considered amongst the least susceptible from a security standpoint.
In addition, 34% of global ITDMs polled do not have the most basic wireless security measure of authentication in place. A significant 25% and 36% of enterprises respectively, overlook firewall and antivirus security functions when it comes to wireless strategies.
Other security measures deemed critical to core infrastructure protection, such as IPS or intrusion prevention systems (deployed by 43%), application control (39%) and URL filtering (34%), play a part in even fewer wireless deployments.
When considering the future direction of their wireless security strategies, the majority of respondents said they would maintain focus on the most common security features: Firewall and authentication.
Demand for more security is emerging with 22% prioritising complementary technologies – IPS, antivirus, application control and URL filtering – to guard against the full extent of the threat landscape, Fortinet said in its statement.
Of the ITDMs surveyed, 88% are concerned their existing wireless security is not sufficient, with CIOs reporting the highest level of concern at 92%.
Despite deploying the highest level of security of all the regions surveyed, ITDMs across Asia Pacific are the most concerned about wireless security with 44% stating they are very concerned, in contrast with 30% in the Americas and 20% in EMEA (Europe/ Middle East/ Africa).
Globally, ITDMs reported varying confidence levels in wireless security – China tops the board with 71% ‘very concerned’ compared with just 13% in Japan.
The findings suggest that increased security awareness leads to higher levels of concern, with respondents in the top two ‘concerned’ countries (China and India) deploying more wireless security functions on average, than the two least ‘concerned’ countries (Italy and Japan), Fortinet said.
Risk of data loss
When asked to cite the risks of operating an unsecured wireless network, 56% of Asia Pacific ITDMs considered loss of sensitive corporate and/ or customer data as the biggest risk to their organisation, in contrast with the Americas at 45% and EMEA 42%.
The next highest risk, industrial espionage, was cited by just 18% of ITDMs, followed by non-compliance to industry regulations (10%), damage to corporate reputation (8.2%) and service interruption (7.2%).
Cloud management the norm
Wireless infrastructure governed by a premise-based controller is a thing of the past according to the findings, with on-site wireless controllers the least common form of management (27%), Fortinet said.
This trend for cloud-based management looks set to grow further, with only 13% of enterprise ITDMs refusing to trust the cloud for such critical management in the future.
Of the cloud-ready respondents, 55% would want to use a private cloud infrastructure for wireless management and 45% would outsource to a third party managed services provider.
17% of those considering outsourcing would only do so provided it is hosted in the same country, leaving 28% happy to embrace wireless management as a public cloud service regardless of geography.
‘Totally open’ guest access
39% of ITDMs polled provide guest access on their corporate wireless networks, with 13% of these organisations doing so without any controls whatsoever.
The most common form of guest security access on corporate wireless networks is a unique and temporary username and password (43%), ahead of a shared username and password (32%).
“The survey findings indicate that despite the growth in mobility strategies, wireless security has simply not been a priority for enterprises to date,” said Michelle Ong (pic), Fortinet’s country manager for Malaysia.
“As advanced persistent attacks increasingly target multiple entry points, and the cloud becomes more prevalent, it’s not an oversight organisations should risk any longer.
“It’s positive to see IT leaders beginning to recognise the role wireless security plays in protecting their critical business assets, yet there is more to be done.
“As IT strives to balance the need for strong network security with ubiquitous connectivity, wireless must be considered as part of a holistic security strategy to ensure broad and consistent protection for users and devices over wired and wireless access,” she added.
More on the survey
The Fortinet Wireless Security Survey was a research exercise undertaken throughout May 2015 by market research company Lightspeed GMI.
The survey was conducted online amongst 1,490 qualified ITDMs – predominantly CIOs, CTOs (choef technology officers), IT directors and heads of IT – at organisations with more than 250 employees.
12 countries participated in the survey: Australia, Canada, China, France, Germany, India, Italy, Japan, Hong Kong, Spain, the United Kingdom and the United States.
Basic security products don't cut it anymore: IDC
Policy framework a must for security today: IDC
Best practices for easing into enterprise mobility
Security needs to focus beyond networking layer: Oracle
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.