|
While most financial services institutions are extremely effective when it comes to protecting their wired communication networks, few today give wireless network access -- and in particular wireless local area networks (LAN), or WiFi -- the same level of security and attention, according to TowerGroup. The analysts say Wi-Fi, if not properly managed, will emerge as a channel of significant threat to reputation and customer trust.
"The first and perhaps the most onerous threat from Wi-Fi for financial institutions is rooted in faulty corporate IT strategy," said Bob Egan, research director of the TowerGroup Emerging Technologies practice and co-author of the research. "Institutions that choose not to support Wi-Fi officially are not immune to security threats via Wi-Fi technology. Though they may choose not to purchase and support devices like laptops with embedded Wi-Fi capability, employees may still own and use such devices."
Highlights of the research include:
- Employees at financial institutions are likely to be experienced Wi-Fi users, given that the number of home-deployed Wi-Fi access points in the United States alone stands at over 65% of households equipped with broadband capacity (whether by cable modem, DSL, or even fiber).
- Less than 10% of Wi-Fi installations within these 14 million-plus households have even a basic element of security activated.
- Whether or not a financial institution has an officially-sanctioned wireless element built into its overarching IT strategy, its networks must deploy both a wireless intrusion detection system (IDS) and intrusion prevention system (IPS).
- Evaluating the range of Wi-Fi security solutions offered by technology vendors requires considering a number of critical factors, including total cost of ownership, ease of deployment, ease of use and alert functions. The overall effectiveness of threat assessment and mitigation is high for all these vendors, but ease of deployment and use can vary highly. For example, TowerGroup recently gave AirTightNnetworks' SpectraGuard Enterprise product a high usability rating (10 of 10 points), while it gave the comparable product from AirDefense's a low usability rating (3 of 10 points).
- Of the three fundamental IDS/IPS architectures that exist (distributed systems, centralized management and analysis systems, and integrated systems), TowerGroup believes a combination of distributed and integrated systems provides the most effective solution for financial institutions. The tighter level of security offered by distributed systems is ideal for guarding the perimeter of an institution's facility, while an integrated system can be used to protect internal physical and electronic locations less likely to be exposed to visitors, contractors, or the outside world via the Windows OS and the Web.
Egan noted that while administrative tools to block Wi-Fi capability exist (e.g., tools that disable add-on Wi-Fi peripherals, such as PC cards and USB adaptors), this avoidance mentality is difficult to enforce and overlooks or ignores the remaining threats to security.
"Wi-Fi is dramatically changing the face of communication. Institutions must be prepared to change their information security policies and practices to respond to the reality that Wi-Fi devices employees are using on their premises may serve as unintended points of entry for security intrusions to their networks," he said.
"Remediation against Wi-Fi security risks starts with an acknowledgement that the risks exist," said Josh Kessler, analyst in the Emerging Technologies practice at TowerGroup and co-author of the research. "A forward-looking IT strategy combined with the right systems will enable an institution to benefit from Wi-Fi's advantages of flexible access and ubiquitous connectivity - while striking a balance between the cost of ownership requirements of an institution and its security responsibilities."
|