#9 CASE STUDY - WEAK WI-FI CONFIGURATION


The password for the Wi-Fi? It’s simply the name of our street. 
 

COMPANY 

  • Sector: Services 

  • Size: 50 - 150 

  • Location: Wallonia  

FACTS & FIGURES 

  • 50 out of 55 users were affected. 

  • Actions taken to avert the incident: None 

  • How the business was affected: unauthorized access to confidential resources 

STORY 

Imagine a small-to-medium business in a vibrant neighbourhood in Wallonia. The space is friendly and open, and so is the Wi-Fi. The password? The very name of the street right outside. Everyone around knows it. What’s the point of changing it? It’s always worked.

But you know where this is going. A password that everyone knows would seem to pose an obvious risk. It also seems to put us on a slippery slope toward a world where the only secure password is one that we change every week and that, hopefully, we remember. 

A penetration test can be likened to a scheduled burglary. The objective is not to steal anything but to find weaknesses a real hacker might exploit. In this case, the weaknesses that were found during a routine test made it clear that the company was at risk from an internal threat. Anyone with basic skills could connect to the company's Wi-Fi and then... follow the infiltration plan. 

INCIDENT OVERVIEW 

A strong cybersecurity foundation relies on secure configurations. These configurations dictate not just how systems are set up but also how they're managed and connected. For your establishment to be secure, the boundaries of your network must be well defined. Yet many small businesses treat Wi-Fi security like a free lunch: it costs us nothing so far, and we don't miss it. Wi-Fi is an important point of access to your network.

This place's devices were free, but they were set up badly. The Wi-Fi network was a weak entry point. The password was common knowledge among nearby businesses and possibly known to anyone who had ever seen the place, in person or online. Once connected, visitors shared the internal network, because there was no separate guest network. And there was no monitoring or logging in place.

BUSINESS IMPACT 

Unfortunately, an unsecured Wi-Fi network doesn't just create a risk of intrusion. It also means that malicious actors can exploit the entire network, which is defenseless overall and just waiting to be attacked.

Once inside the network, an intruder can do a whole range of things, such as gaining unauthorized access to resources without drawing attention, or retrieving sensitive information such as passwords or browsing sessions.

Weak access controls can breach the requirements of the GDPR, NIS2, or ISO 27001. 

A seemingly insignificant misconfiguration can lead to a breach that causes clients to lose faith.

SECURITY MEASURES 

Below you will find some ideas for setting up a secure network configuration: 

  • Configure the Wi-Fi with strong, unique passwords, and change them regularly.

  • Review and strengthen all related account settings regularly. 

  • Segment the network by creating separate VLANs for users of different trust levels.

  • Create segments for guests, employees, and those accessing critical sections of the infrastructure.

  • Implement Wi-Fi security at the enterprise level by using 802.1X to authenticate users.

  • Use tools such as Active Directory and Group Policy to administer configuration from a central location, ensuring consistent enforcement throughout the environment.
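
The first measure, applied to the weakness in this case (a passphrase that is the street name): an added example, not part of the original case study, that rejects a WPA2-Personal passphrase derived from publicly known terms. The street name, company name, SSID and the 16-character policy minimum are constructed assumptions.

```python
import re
import unicodedata

# Character substitutions people commonly use to "strengthen" a known word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample data: facts anyone near the office could know.
PUBLIC_TERMS = ["Rue de la Gare", "ExampleCorp", "ExampleCorp-WiFi"]


def normalize(text: str) -> str:
    """Lowercase, strip accents, undo common substitutions, keep letters only."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def audit_psk(passphrase: str, public_terms: list[str], min_len: int = 16) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # WPA2-Personal accepts passphrases of 8 to 63 characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA2-Personal accepts")
    elif len(passphrase) < min_len:  # min_len is an assumed local policy value
        findings.append(f"shorter than the {min_len}-character policy minimum")
    core = normalize(passphrase)
    for term in public_terms:
        # Match the whole term and each of its words; skip fragments
        # shorter than 4 letters to avoid accidental hits.
        needles = {normalize(term), *(normalize(w) for w in term.split())}
        if any(len(n) >= 4 and n in core for n in needles):
            findings.append(f"derived from public term {term!r}")
    return findings


if __name__ == "__main__":
    for candidate in ("ruedelagare", "Ru3-de-la-G@re-2024!", "vK9#tQ2mZp8&Lw4xRb6n"):
        print(candidate, "->", audit_psk(candidate, PUBLIC_TERMS) or "no findings")
```

An empty result only means the passphrase is not built from the listed terms; it does not replace 802.1X or network segmentation.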
