Wireless Adoption Leaps Ahead, Advanced Encryption Gains Ground in the Post-WEP Era

The number of wireless access points - including public hotspots and business networks - continues to rise at an explosive rate in the world's major financial centers, as revealed today by research commissioned by RSA, The Security Division of EMC (NYSE: EMC). The survey's findings also indicate that the call for stronger security in wireless networks is starting to resonate among businesses.

The largest year-over-year increase in wireless adoption was found in London, where there are 160 percent more wireless access points (APs) than in 2006. The percentage increase in New York was a substantial 49 percent; and in Paris, 44 percent. Looking purely at business access points, London also leads, with a 180 percent leap over last year, as compared to jumps of 57 percent and 45 percent New York and Paris, respectively.

Encryption improving - but data still at risk in city centers
As measured by the use of either advanced encryption or Wired Equivalent Privacy (WEP), London experienced notable improvement in the security of business wireless networks over the last year. In contrast, security levels in New York and Paris improved only incrementally. Over the course of the past year, use of wireless security measures in business networks increased as follows:

• In London - from 74 percent in 2006 to 81 percent in 2007;
• In New York - from 75 percent in 2006 to 76 percent in 2007;
• In Paris - from 78 percent in 2006 to 80 percent in 2007.

The survey results raise concerns about the continued use of WEP, despite awareness of its limitations, but traction in the use of more advanced encryption options is encouraging. Across all three cities there was significant use of advanced encryption, as measured by the implementation of 802.11i and Wi-Fi Protected Access (WPA). In London, 48 percent of the secured business access points detected had implemented advanced forms of encryption. In Paris the figure was lower, at 41 percent, and New York was comparable to London at 49 percent.

Yet as wireless access continues to become more pervasive, one-quarter to one-fifth of business wireless networks in three of the world's most important business centers remain wide open.

"As we evolve toward a 'wireless everywhere' world, we are witnessing enormous leaps in wireless connectivity, as highlighted by London's explosive growth in access points over the course of the last year," said Christopher Young, Vice President, Consumer and Access Solutions at RSA. "It is encouraging that almost half of all secured business access points are now using advanced forms of encryption, and we expect to see these numbers increase as awareness grows around the perils of operating inadequately secured wireless networks."


Default values lower the bar for unauthorized users
The survey also measured the number of wireless networks still configured according to default, out-of-the-box settings - which can make it easier for attackers to find ways to penetrate a network:

• In London, 30 percent of access points still had default settings - a big slide backward from 22 percent last year.
• New York improved slightly, with 24 percent of access points using default settings, down from last year's 28 percent.
• Parisian businesses and consumers are least at risk, with 13 percent of access points displaying default manufacturer settings, down from 21 percent last year.

Hotspots, compelling for their convenience, bring risks
Public hotspots continue to proliferate in the many places where people seek connectivity, such as coffee shops, airports and hotels. Last year's research detected 364 wireless hotspots on the London route; by 2007 this figure had risen to 461 - a 27 percent increase. In New York the annual growth rate was 17 percent, and 15 percent of all wireless access points were found to be hotspots - by far the highest percentage across the three cities. In Paris, hotspots increased 37 percent and represented 11 percent of all access points.

Near these hotspots are significant numbers of unprotected business networks - that are clearly not hotspots, but still offer access to those who might accidentally or intentionally connect to them. This has added a new and disturbing dimension to the wireless security problem; the massive growth of hotspots for mobile users means that there are large numbers of mobile users who frequently seek connections throughout their travels. This introduces an even greater threat to businesses operating wireless networks with little or no security. Fueled by the availability and profusion of hotspots, mobile users expect to find wireless networks-and know how to connect to them.

For more information and a full copy of the survey, please go to http://www.rsa.com/go/wireless

Methodology
The research, commissioned by RSA, The Security Division of EMC, and undertaken by an independent information security specialist, was conducted as part of an ongoing study to quantify both the extent to which wireless usage is growing in the world's major financial hubs, and how many companies' wireless networks freely 'leak' data traffic into the street, providing potential access to hackers from their car or a nearby building.
The survey was carried out with a laptop computer and commercial software. The laptop and software scanner detected both broadcasting and non-broadcasting APs in the 802.11a, b and g frequencies. When devices were detected the software identified the channel, service set identifier (SSID) and other network information before disconnecting from that source. The software had no way of capturing or retaining the data content of sessions detected.

About RSA
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com