The head of Europols cybercrime centre, Troes Oerting, has warned that public Wi-Fi carries significant security risks, citing a rise in the number of attacks carried out over unsecured hotspots to steal user information, identities, money and passwords.
Oerting cautioned users on the BBC’s Click programme to not send any personal data across untrusted networks. In particular, he warned about hotspots set up by criminals to masquerade as legitimate public Wi-Fi hotspots. The technique can capture all passwords and direct users to malicious websites, leaving them vulnerable to malware and viruses.
Securing Wi-Fi from Hackers
Free Wi-Fi makes perfect business sense; few amenities are as valued by customers as free Internet access. But they are also enticing targets for hackers. A recent piece in Forbes charters this very dilemma:
“It takes zero hacking skills to surreptitiously monitor and/or hijack communications over a public Wi-Fi network. Widely available freeware makes eavesdropping on emails and web browsing as simple as pressing a button.”
“The proliferation of public Wi-Fi is one of the biggest threats to consumer data,” says David Kennedy, founder of information security firm TrustedSec. “A hacker can monitor the network traffic of an entire store with an iPad-sized device hidden away in his backpack.”
“The issue isn’t just that the networks are so easy to attack. With little public awareness that the threat even exists, users routinely expose valuable personal data over Wi-Fi hotspots, making the networks an even more attractive target.”
Protecting the enterprise against security threats
According to HP’s Enterprise Security Unit, enterprises are going to have to ‘think like a bad guy’ if they are to robustly secure enterprise networks. Compared to large enterprises that may have the capital to secure their enterprise gateways, the small-to-medium sized UK business is particularly vulnerable to security breaches.
A survey by the US-based Team Cymru’s Threat Intelligence Group has found that as many as 300,000 wireless internet routers worldwide have been subject to cyber-attack and hacking. Small Office/home office routers are particularly vulnerable to password guessing as well as brute force log-in attempts.
While routers and devices have come under scrutiny, human beings remain the weakest link in the security chain even in enterprise organisations.
The recent hacking of the US retail giant Target is case in point. Its data breach, which involved the leakage of 110 million customers’ personal data, began as an email-based phishing scheme. Hackers were able to gain access to the company’s corporate network via stolen credentials of a subcontractor.
The case underscores the need for employees and the general public to be cautious about the nature of public Wi-Fi, emails and networks when transmitting personal data.
Join Whitehall Media at our inaugural Enterprise Security and Risk Management conference on 25 March, 2014 at the Hotel Russell in central London. Our final agenda for the event can be viewed by clicking here.