Wireless Security a Top CISO ConcernExperts Offer Insights on Mitigating Wireless Network Risks
Among the multiple vulnerabilities seen in products and solutions around endpoints, messaging and applications; wireless networks are now the weakest links in an enterprise's IT infrastructure. There is rising concern over wireless security in organizations based in Asia Pacific and Japan.
In fact, a new study finds that insufficient wireless security has led to the loss of sensitive corporate data, industrial espionage and reputational risks to APJ entities.
This is among the findings of Fortinet's annual Security Census Report 2015, which was conducted in 12 territories in May by Lightspeed GMI. a market research company. The report suggests that CISOs and other practitioners must use the right controls to tighten wireless network security and avoid attacks that disrupt and capitalize on organizations' weakest links.
"Findings indicate that despite the growth in mobile strategies, wireless security has simply not been a priority for enterprises," says Rajesh Maurya, Country Manager for India & SAARC at Fortinet.
Information Security Media Group sought reactions to this report from security practitioners, asking them about their strategies for protecting wireless networks from growing threats.
"It would not be an exaggeration to say that enterprises are facing major risk platforms given the proliferation of 3G and 4G wireless and the lack of a monitor for discrepancies in these networks," says Gurgaon-based Mani Kant Singh R, CIO of Orbis Financial. "With a large chunk of employees moving into the mobility game with 3Gs and 4Gs, the wireless security that an enterprise would deploy will determine whether it addresses data privacy."
About 94 percent of the APJ security practitioners surveyed rank wireless networks as the most vulnerable; 77 percent find discrepancies in the endpoint security that contributed to the risk, and 92 percent are concerned about insufficient wireless security.
The trend is unique to APJ region, as worldwide only 49 percent of practitioners find wireless security to be a challenge.Jason Charles A. Nadar, Head of Wireless Networks at Fortinet, says that the challenge for Indian enterprises is a lack of basic wireless security within the organization. Only a few deploy authentication tools, he says.
Other challenges include the risk of operating an unsecured wireless network that results in the loss of sensitive corporate and customer data.
"About 55 percent of the respondents are worried about the loss of data, and a majority also state that the next highest risk is industrial espionage," Nadar says.
While a majority of security practitioners from India are concerned about loss of sensitive data due to unsecured wireless networks, worldwide data indicates that less than 50 percent of them find it to be a risk.
Cloud & Outsourcing
Over 73 percent of the teams in Asia believe that the adoption of the cloud would help control wireless discrepancies.
According to Nadar, "Advanced persistent attacks target multiple entry points, so security teams are looking at the cloud to lower security costs."
He believes that enterprises that intend to look at real-time wireless security would opt for the cloud option, and about 50 percent of the Indian organizations are looking at the hybrid cloud as part of infrastructure security.
According to Orbis's Singh, the hybrid cloud is a safe option from a BYOD standpoint and in securing overall enterprise architecture. He says that about 60 percent of organizations look at the cloud as an extended data centre where data is safe.
Another trend has been toward outsourcing wireless security. According to the study, 45 percent of respondents in APAC prefer to outsource to a third-party managed services provider, but that is hosted in the same country.
Darshan K B, Head of IT infrastructure and networks at Myntra.com, an e-commerce company, says, "While we have not opted for the cloud, the management is still evaluating its advantages. We have opted for a managed services model to place all our servers as it would reduce the risks of data leakage."
Most experts are still not convinced about the solutions available to secure Wi-Fi networks, as they do not find them robust enough to prevent risks and threats.
However, a meticulous approach to protect infrastructure against growing vulnerabilities has always been planned, they say.
Protecting Wireless Networks
Recently HP presented its Cyber Risk Report 2015, which also focused on the challenges arising out of mobility and wireless networks.
Experts argue that organizations must employ fundamental security tactics to address known vulnerabilities and, in turn, eliminate significant risks.
Jyoti Prakash, Country Director of India and SAARC countries from HP Enterprise Security Products, believes that many of the biggest security risks have been around for decades, leaving organizations unnecessarily exposed. "We can't lose sight of defending ourselves from these vulnerabilities by entrusting security to the next silver bullet technology," he argues.
The first step in wireless protection, Nadar recommends, is to ensure mobile device protection from malware and applications by creating a device footprint. This is in addition to structuring an authentication framework.
Darshan recommends the deployment of an effective Rogue APT detection and PCI DSS compliant security tool to block malware.
"It is important to create a wireless policy framework, deploy radius-based authentication tools and create SSID for non-official equipment that the employees bring in," says Darshan.
Experts argue that security teams should inculcate the discipline of providing guest security access on their corporate wireless with appropriate security controls.
Singh suggests a two-factor authentication system along with tokenization as a defence mechanism and the use of SIEM tools from an ISO standard perspective to enhance process efficiency in the networks and to help secure them.
"Adopting a wireless and security convergence framework helps in security wireless access points and ethernet access," says Nadar. "This would enable a single management console for WLAN and LAN that can help in preventing the use of rogue AP."