Businesses are facing a security time bomb from unencrypted
wireless networks, a survey of 1,000 UK businesses due to be
published later this month has revealed.
The DTI Information Security Breaches survey found that less than
50% of businesses are using encryption techniques to protect their
wireless data transmissions from eavesdroppers.
Experiments conducted by Computer Weekly and I-Sec have shown that
hackers armed with equipment costing a few hundred pounds can
listen in to wireless network traffic from distances of several
hundred metres outside company buildings.
Concerns about the technology have prompted at least one London
company to abandon its wireless network project after engineers
found they could log onto company systems in the office next door,
the survey found.
Wireless network take-up is still low - only 2% of the companies
surveyed currently have networks in place. A further 3% of
organisations plan to implement wireless networks during the coming
year.
But after several years of relatively slow uptake, public key
infrastructure (PKI) security technology is now beginning to make a
mark, the survey conducted for the DTI by PricewaterhouseCoopers
revealed.
About one third of organisations that use EDI or e-procurement are
now using digital certificates. Fifteen per cent of organisations
that provide employees with remote computer access are also using
digital signatures.
One large business switched from using secure access tokens to PKI,
which was more expensive, after discovering that users were taping
their tokens to their laptops. It found that digital certificates
provided the same level of security but were more convenient for
its staff to use.
"For the past five years people have talked about this year being
the year of PKI. It has not really come through. But there are
signs that this year could be the year of widespread PKI," said
Chris Potter, partner at PricewaterhouseCoopers.
Biometric technology has yet to make an impact and is only being
used by 3% of large businesses. A further 7% of large businesses
plan to adopt biometrics in the coming year.
Concerns about cost, reliability and a lack of standard solutions
are deterring organisations from investing in biometrics.
"One of the great worries about biometrics is false negatives/false
positives. Will you let the wrong person into your organisation? In
general, companies are using them as an extra layer of security on
top of their existing security," said Potter.
The full results of the DTI Information Security Breaches survey
will be revealed at the Infosecurity show on 23 April
bill.goodwin@rbi.co.uk