Are you taking wireless security seriously?
Kenny Soutar, ANZ Country Manager for Fluke Networks, explains why venue managers need to take cyber threats more seriously and not leave it solely in the care of IT security providers.
With IT security breaches on the rise, the hospitality sector is at particular risk. This means that the ‘good enough’ approach needs to go.
While no organisation deliberately ignores security threats, relying on the security features of access points or other wireless infrastructure components is no longer sufficient, as they are incapable of detecting all types of threats across every channel.
For venue managers on a single site or managing multiple premises, with staff on-site and off-site sending confidential information over wireless infrastructure, any gap in security is a threat. Cyber security is increasingly becoming a greater threat to governments and businesses alike, with hackers becoming smarter every minute.
In 2014 alone, 42.8 million security incidents were detected globally1. Security incidents are now so commonplace that, when compared with the growth of annual GDP and mobile phone growth, global security breaches are growing at double the rate at 48 percent2. When considering that an estimated 71 percent of security compromises go undetected3, the scale of the issue is put into sharp focus. Hacking attacks are becoming more sophisticated, security breaches and the potential damage they inflict are only getting worse and hackers are getting more confident. Now is the time for venue managers to take control before their IT systems become compromised.
Ramifications of data breaches
The financial ramifications of security breaches alone provide enough impetus to implement more stringent approaches to security monitoring. Financial impacts include decreased revenues, disruption of business systems and regulatory penalties, as well as erosion of customers4.
Beyond the financial impacts, the effects of a security breach can include reputational damage, pirating of products, theft of business and manufacturing processes, and loss of plans such as merger and acquisition activity, and corporate strategy. Security breaches can completely bring a business down with one fell swoop.
Many organisations have the ‘good enough’ approach, which encompasses the ‘no one would be interested in stealing our information’ attitude. This attitude has got the better of some organisations that have faced a cyberattack. The pervasiveness of the problem isn’t going away and the ‘good enough’ approach just doesn’t cut it anymore.
Good enough no more
The ‘good enough’ approach presents several challenges including:
- Inadequate threat detection. Most access point security features perform only part-time scans of 44 standard Wi-Fi channels, when there are 201 non-standard extended channels where threats can hide.
- Lengthy threat update cycles. Access point solutions require firmware updates to respond to new threats, often taking months to release. They also require downtime to install, creating significant security gaps.
- Limited performance reporting. Many wireless security solutions provide only cryptic reporting that’s hard to decipher before taking action, increasing the burden on an already overloaded IT administrator.
- Minimal forensic analysis. It’s not enough to know a security breach has occurred. IT teams need detailed forensics to identify the root cause and eliminate it fast.
- Hidden monitoring gaps. Many wireless environments comprise multiple access point types and incompatible security features, creating holes in what the IT team believes is a comprehensive security system.
Five key IT security challenges for venue managers
- Multi-located workforce. Staff are often on-site and the data they have to worry about is often their clients’ data. Therefore, ensuring data transfer over wireless networks is secure from prying eyes is essential.
- People. We often underestimate the power of people and human errors. Human errors and system problems are responsible for the vast majority of data breaches. Furthermore, venues often work with a vast number of clients and suppliers. It is critical that their IT systems are secure as well.
- Money transactions. Organisations often deal with contractors and pay them based on timesheets and analysis. If that information gets corrupted, they will have major issues with employees, clients and even banks.
- Systems. Businesses often have their own systems and hand-held products. If a data breach happens and affects any of these, it becomes difficult to complete a job and could result in termination of a service level agreement.
- Health and safety. As technology is becoming intrinsic to much of our working lives, corrupted data could cause a raft of issues. For example, if a hacked device is saying that the electricity has been turned off when it hasn’t, making it seem safe to test wires, health and safety can be severely compromised.
Security practices must keep pace with constantly-evolving threats and security requirements. More importantly, IT security needs to be higher up on the business agenda for venue managers. A key part of this is the need for a dynamic response to wireless threats. As mobile data, mobile devices and security breaches continue their stratospheric climb, the ability to immediately identify all rogue wireless activities, regardless of network type, and enforce a ‘no-wireless’ zone is critical for organisations that deal with sensitive information, such as those in the hospitality sector.
1. The Global State of Information Security Survey 2015
3. Trustwave Holdings, 2014 Trustwave Global Security Report, May 2014
4. PWC, ‘Managing cyber risks in an interconnected world: Key findings from the Global State of Information Security Survey 2015’
This is an adaptation of an article that originally appeared in the August 2015 edition of FM magazine.