Home > Wireless scanning > SMBs, WEP still a target for War Drivers

SMBs, WEP still a target for War Drivers

After the TJX breach, the PCI security council strengthened their wireless security standard in an attempt to prevent such catastrophic incidents from reoccurring.  While some of the largest retailers strengthened their wireless security, small and medium businesses need to take a look at their own security practices because they are just as susceptible, maybe more.  In its annual Data Breach Investigations Report earlier this week, Verizon said “criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies.”

War-driving is still more common than most people probably think, but the number of incidents reported by small and medium businesses is very low.  In most cases, WEP encryption is still the target.  In a recent Network World article reported that Seattle police are investigating a group of criminals attacking local businesses via Wi-Fi access points encrypted with the flawed WEP protocol.  Does this appear to be an isolated incident? No.  According to the Seattle police, this group of criminals has been suspected of these types wireless attacks for as many as *5 years*.

What is troubling is the number of retailers that continue to opt for a “compensating control” to address their wireless security requirements.  Even PCI’s “approved” methods including quarterly wireless scans and visual inspections are insufficient to protect your business.   Wi-Fi is everywhere, its easy to find an unencrypted (or poorly encrypted) signal.

Until companies understand the risk of properly secured Wi-Fi, they will remain susceptible.    Just ask the guys in Seattle.

 

 

Mike Baglietto

Mike is responsible for product marketing at AirTight and oversees the inside sales team and lead generation. He is a veteran of the Silicon Valley high tech industry with 20 years of experience in product marketing, sales and technical account management. Prior to joining AirTight, Mike held the position of senior product marketing manager for data protection services at eVault. Before eVault, Mike held senior product marketing positions at Quest Software, Keynote Systems, SBE, Inc., NetManage and Software Publishing Corporation.
Mike holds a BA in International Relations from the University of California, Davis.

Wireless scanning

Comments

  1. No comments yet.
  1. No trackbacks yet.

Your email address will not be published. Required fields are marked *