Despite widespread knowledge about the vulnerabilities Wi-Fi and Bluetooth can introduce, it appears a ‘head in the sand’ approach continues to reign amongst security professionals due to the lack of visibility and control, according to Bob Egner, Head of Product at Outpost24.
Outpost24 released their second instalment of results from the 2020 Internet of Evil Things report, which questioned more than 200 security professionals about the wireless security threats they feared the most and revealed 67% had no confidence that they could prevent a wireless attack.
This is particularly disturbing when considering the growing number of shadow IoT and wireless devices entering the workplace. With BYOD already a growing problem for enterprises, the number of IoT devices is expected to rise to 20.4 billion worldwide, which will notably increase an organisation’s overall attack surface. Therefore, it is no surprise that 71% of security professionals believe that they should be ramping up efforts to monitor and protect against rogue devices and access points.
The security experts surveyed also ranked the types of wireless attacks according to the magnitude of threat they believed rogue access points posed to their organisation. The highest-ranking threat was password theft at 62%, followed closely by Botnet / Malware at 60% and Man in the Middle attacks at 55.5%. However, these threats barely scratch the surface of wireless attack vectors, as other potential threats facing enterprises include denial of service attacks, eavesdropping, evil twins, Wi-Fi spoofing, and Bluetooth attacks, to name but a few. These results highlight the key fears facing security professionals who are self-admittedly concerned about modern wireless attacks.
Furthermore, most organisations admitted to either lacking visibility of wireless devices on their network or failing to enforce network access policy, as more than half (57%) of device purchases are not cleared by security teams prior to accessing corporate networks. Similarly, 53% of organisations do not know how many devices are connected to their network, while less than a third (30%) of businesses ensure that Bluetooth pairing or wireless connection requires security authentication before gaining access to networks.
“On balance, we know security teams are short of time and talent. That may lead to a majority of organisations bypassing the necessary steps to proactively secure and monitor their wireless airspace, like they would and should for their wired networks,” commented Egner.
For the professionals surveyed, almost two thirds (61 percent) regard BYOD as a serious threat to their enterprise, while 21 percent feared attacks via IoT devices in the office, which include printers, coffee machines, smart assistants and intelligent lighting. Unless wireless security is taken seriously, this concern about exploitable devices will only increase as the market grows.
Egner added, “With the threat of wireless network attack increasing every day, organisations must implement the tools to actively identify all BYOD, IT and IoT devices on the wireless network. Further, they need to monitor for indicators of exposure and attack as part of their vulnerability management process to ensure they are not blindsided by the hidden attack surface wireless technologies bring.”