Cybersecurity headlines on Monday, October 16th focused on a fundamental flaw that has been uncovered in Wi-Fi Protected Access II (WPA2). By exploiting this flaw, hackers that happen to be in close proximity to your wireless device can decrypt your traffic, steal your user IDs and passwords, redirect you to malicious websites, install malware, and eavesdrop on your communications. This latest threat has been dubbed the KRACK flaw by the industry professionals who have uncovered it.
It goes without saying that this is a very big deal, and it has a lot of people very, very worried – and with very good reason.
As this is a flaw in the WPA2 standard itself, there is nothing you as a user can do on your own to reduce your risk beyond turning Wi-Fi off on your laptops, smartphones, and tablets. The job of correcting this issue falls to the vendors who make networking hardware and software, and the unfortunate reality is that the rest of us are stuck waiting for them to roll out updates. However, US-CERT has known about this flaw for a few months, and several vendors have already released updates to help protect their customers against KRACK.
For example, Microsoft released its patch for Windows 10 in reaction to the KRACK flaw back on October 10th. Apple has already patched the BETA versions of iOS, macOS, tvOS, and a patch for watchOS is due out soon. iOS 11 and macOS High Sierra make the attack difficult for hackers to execute, which is good news for many Apple users. Other vendors are hard at work on their own responses to this WPA2 flaw.
As much as we — and the entire IT security and support community — would like to be able to step in and take care of this KRACK flaw ourselves, we’re also stuck waiting for patches to be made available. However, we do have some good news for our managed IT services clients; you will receive these updates automatically for your supported Windows-based PC’s, laptops, tablets, and servers as soon as they are released.
In the meantime, it’s important to know that you absolutely must update both the wireless device AND the wireless access point or router in order to be protected. For example, our Networking-as-a-Service uses Datto Networking, which has already implemented a fix for their wireless access points. In addition, our SonicWALL wireless firewalls and SonicPoint access points are not vulnerable to KRACK.
The KRACK Flaw May Be Tricky, But There Are Still Steps You Can Take To Stay Secure
While you’re waiting on the remaining critical patches to be made available, there are a few things you can be doing from a practical perspective:
Our technicians will be providing further updates as this WPA2 security incident continues to unfold and new information becomes available.
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”