Darren Turnbull, Vice President of Strategic Solutions at Fortinet, looks at the top of security’s ‘most feared’ list – wireless.
Since its first foray as a valid network connectivity medium, Wi-Fi has always had suspicions raised around its security. In the early days, the classic question was: "Isn’t this the equivalent to putting a network point outside my building?"
That was over 10 years ago and we all seemed to overcome that concern fairly quickly. Now fuelled by the recent explosion of BYOD initiatives and the transition to cloud, wireless has made its way back to the top of the ‘most feared’ list when it comes to security.
According to our independent global study, which surveyed almost 1,500 IT leaders at mid-large organisations, wireless was viewed as the most vulnerable element of IT infrastructures, and 92% of CIOs believe their current wireless security set-up is not adequate for today’s threat landscape and mobile-first world.
If Wi-Fi has somehow managed to have "gotten away" with a less critical rep than its traditional networking or application counterparts over the years, it may be down to the complexities around ensuring its ‘usability’, with the sheer demand for quick, easy connectivity trumping any rising security concerns.
However, the threat landscape’s shift from connection-based to content-based attacks has made that security/usability trade-off argument obsolete. There are a whole host of attacks ranging from infrastructure-targeted threats from rogue access points, to targeting users with honey pots out there today.
But the recurring theme across securing Wi-Fi, more than any other infrastructure, is making it useable, simple as well secure.
You’re only ever as strong as your weakest link
With cybercriminals deploying more advanced targeted attacks and increasingly shrewd ways to manipulate individuals to bypass security, it’s never been clearer that organisations are only ever as strong as their weakest link. As an industry we have secured many important factors in the Wi-Fi communication process, so there is very little reason your weakest link should be the wireless network.
And yet all too often Wi-Fi security focuses solely on what may seem, logically at least, like the most vulnerable part: the link between client and access point or "the air". It’s not; it’s no longer safe to assume that once you are securely connected onto the network that your job is done.
Too many of today’s breaches occur because of a lack of focus across the spectrum of possible threats or attack vectors. Rapid innovation on the malware front, the exploitation of new zero-day vulnerabilities, and emerging evasion techniques can all render any single approach to security ineffective. In order to counter these increasingly sophisticated attacks, wireless security must bring together multiple security technologies and it must not be siloed, but part of your business’s wider IT security strategy.