Wireless networks are a security time bomb

Businesses are facing a security time bomb from unencrypted wireless networks, a survey of 1,000 UK businesses due to be...

Businesses are facing a security time bomb from unencrypted wireless networks, a survey of 1,000 UK businesses due to be published later this month has revealed.

The DTI Information Security Breaches survey found that less than 50% of businesses are using encryption techniques to protect their wireless data transmissions from eavesdroppers.

Experiments conducted by Computer Weekly and I-Sec have shown that hackers armed with equipment costing a few hundred pounds can listen in to wireless network traffic from distances of several hundred metres outside company buildings.

Concerns about the technology have prompted at least one London company to abandon its wireless network project after engineers found they could log onto company systems in the office next door, the survey found.

Wireless network take-up is still low - only 2% of the companies surveyed currently have networks in place. A further 3% of organisations plan to implement wireless networks during the coming year.

But after several years of relatively slow uptake, public key infrastructure (PKI) security technology is now beginning to make a mark, the survey conducted for the DTI by PricewaterhouseCoopers revealed.

About one third of organisations that use EDI or e-procurement are now using digital certificates. Fifteen per cent of organisations that provide employees with remote computer access are also using digital signatures.

One large business switched from using secure access tokens to PKI, which was more expensive, after discovering that users were taping their tokens to their laptops. It found that digital certificates provided the same level of security but were more convenient for its staff to use.

"For the past five years people have talked about this year being the year of PKI. It has not really come through. But there are signs that this year could be the year of widespread PKI," said Chris Potter, partner at PricewaterhouseCoopers.

Biometric technology has yet to make an impact and is only being used by 3% of large businesses. A further 7% of large businesses plan to adopt biometrics in the coming year.

Concerns about cost, reliability and a lack of standard solutions are deterring organisations from investing in biometrics.

"One of the great worries about biometrics is false negatives/false positives. Will you let the wrong person into your organisation? In general, companies are using them as an extra layer of security on top of their existing security," said Potter.

The full results of the DTI Information Security Breaches survey will be revealed at the Infosecurity show on 23 April

[email protected]

Read more on Wireless networking