Results from the annual RSA’s Wireless Security Survey 2007

As measured by the use of either advanced encryption or Wired Equivalent Privacy (WEP), London experienced notable improvement in the security of business wireless networks over the last year. In contrast, security levels in New York and Paris improved only incrementally. Over the course of the past year, use of wireless security measures in business networks increased as follows:

– In London – from 74 percent in 2006 to 81 percent in 2007;
– In New York – from 75 percent in 2006 to 76 percent in 2007; and
– In Paris – from 78 percent in 2006 to 80 percent in 2007.

The survey results raise concerns about the continued use of WEP, despite awareness of its limitations, but traction in the use of more advanced encryption options is encouraging. Across all three cities there was significant use of advanced encryption, as measured by the implementation of 802.11i and Wi-Fi Protected Access (WPA). In London, 48 percent of the secured business access points detected had implemented advanced forms of encryption. In Paris the figure was lower, at 41 percent, and New York was comparable to London at 49 percent.

The survey also measured the number of wireless networks still configured according to default, out-of-the-box settings – which can make it easier for attackers to find ways to penetrate a network:

– In London, 30 percent of access points still had default settings – a big slide backward from 22 percent last year.
– New York improved slightly, with 24 percent of access points using default settings, down from last year’s 28 percent.
– Parisian businesses and consumers are least at risk, with 13 percent of access points displaying default manufacturer settings, down from 21 percent last year.

Detailed reports for London, Paris and New York are available at http://www.rsa.com/node.aspx?id=3268