The majority of South African enterprises are keenly aware of the dangers inherent in wireless networks – but most of them don’t have a plan for dealing with it.
Fortinet has completed a wireless security survey that compares South African responses with those from global enterprises, and found that the trends are reasonably similar around the world – with the exception of one point.
“A far higher percentage of South African IT decision makers recognise the wireless network as a serious risk point in their environment – 34% global respondents versus 71% in South Africa.
“I think many South African enterprises have suffered a huge amount of pain already,” says Perry Hutton, regional director: Africa at Fortinet. “Much of it is not publicised. In the US or Europe a breach becomes public knowledge quickly; in South Africa you can keep it under wraps unless the public gets hold of it.
“South African enterprises are aware of the problem, but only 29% of them have a plan, which is the same as the global survey.”
One of the main problems with wireless networking, Hutton adds, is that it is only recently that it has become pervasive.
“For the last 15 or 20 years we have put an effort into protecting the traditional, wired network. There is a high level of understanding around what’s required for a wired network.
“But, while we’ve had wireless for the last 10 years, it wasn’t really enterprise-level for much of that. But in the last five years, wireless networking has become paramount and its imperative to have security in place.
“However, many of the wireless vendors are not traditional vendors – so new vendors, don’t necessarily integrate with the wired network. That brings massive challenges to the table.”
Fortinet conducted a global survey in June, and has now conducted a survey on South Africa specifically, interviewing 103 CIOs from organisations of more than 200 employees.
A significant 16% and 21% of enterprises respectively, overlook firewall and anti-virus security functions when it comes to wireless strategies. Other security measures deemed critical to core infrastructure protection, such as IPS (deployed by 39%), application control (35%) and URL filtering (41%), play a part in even fewer wireless deployments.
When considering the future direction of their wireless security strategies, 56% of ITDMs said they would maintain focus on the most common security features – firewall and authentication while demand for more security is emerging with 22% prioritizing complementary technologies – IPS, anti-virus, application control and URL filtering – to guard against the full extent of the threat landscape.
Other survey highlights include:
* South African ITDMs said the biggest risk to their organisations of operating an unsecured wireless network is the loss of sensitive corporate and/or customer data, with 69% citing this as a concern (vs 48% of global respondents). The next highest risk, service interruption, was cited by 16% of ITDMs, followed by industrial espionage (7%), non-compliance to industry regulations (5%) and damage to corporate reputation (4%).
* 7% of ITDMs polled said their corporate wireless networks have no controls whatsoever for their guest or visitors access. The most common form of guest security access on corporate wireless networks is a unique and temporary username and password (68%), ahead of a shared username/password (20%), a captive portal with credentials (13%).
* Wireless infrastructure governed by a premise-based controller is a thing of the present according to the findings (56%) but this trend will change to cloud-based management as only 12% of enterprise ITDMs refusing to trust the cloud for such critical management in the future. Of the cloud-ready respondents, 47% would want to use a private cloud infrastructure for wireless management and 53% would outsource to a third party managed services provider. In addition, 20% of those considering outsourcing would only do so provided it is hosted in the same country, leaving 33% happy to embrace wireless management as a public cloud service regardless of geography.
Hutton adds: “South African IT decision makers are aware of the risks facing their businesses through unsecured wireless networks, and most feel they have taken steps to mitigate these. However, the threat landscape is evolving and attacks such as advanced persistent attacks will target multiple entry points, including the wireless network. There is no room for complacency when it comes to securing the enterprise.”
The findings come from an independent survey of over 100 South African enterprises in different sectors including financial services, public sector, health, retail, travel & leisure, manufacturing & construction, FMCG, telecoms & technology. All respondents were sourced from independent market research company Lightspeed GMI’s online panel.