Tests across 1,000 companies in the San Francisco area – conducted ahead of this week's
RSA Security Conference in the city – exposed widespread failures in wireless protection, even at financial services firms and government organisations.
That suggests that many IT leaders are still unaware of the risks posed by unsecured wireless networks, even after high profile cases of data theft, such as the theft of credit card details at TJX where 45 million customers had their details pilfered via the wireless network.
AirDefense found that 22 percent of the wireless access points it tested were unprotected. A further 30 percent only used Wired Equivalent Privacy, the weakest form of wireless protection.
In government organisations, an alarming 72 percent of access points were unencrypted or using WEP; in financial services the figure was 67 percent.
But the lessons from TJX have at least been taken on board by retailers. "Transportation and retail were head and shoulders above the other industries with proven methods of intrusion prevention in place," said Richard Rushing, chief security officer, AirDefense.