I am conducting a presentation on the importance of wireless security to an internal group. I am looking for recent statistics or surveys describing wireless attack incidents, the cost associated with the damage incurred, and the cost of resolving the compromise to the network. Any information or direction would be greatly appreciated.

As corporate and government wireless usage and the enforcement of "no wireless" policies become more prevalent, we are seeing more information on wireless-related security breaches become part of the public domain. In addition, there is increasing legislative focus at the federal, state, and local levels on the prevention of identity theft and protection of sensitive data - of which wireless security is a key component.

It is not always easy to get details on the specific costs associated with attacks since that information is often - for obvious reasons - highly guarded, but the Privacy Rights Clearinghouse has estimated that since February 2005, the personal information of 55 million Americans has been compromised. More than 50 percent of the damage came from hacking. Several wireless attack incidents that have been publicised recently include:

  • BJ's Wholesale Club: This warehouse club store agreed to implement a comprehensive data-security system and undergo biannual security audits for the next 20 years under a settlement with the Federal Trade Commission (FTC). The FTC found that the company did not use readily available security measures to limit access to its computer networks through wireless access points on the networks.
  • PG&E: A consultant gained unauthorised access to its wireless network to obtain sensitive computer files relating to a contentious battle with a municipality.
  • Lowe's: Hackers were convicted for gaining unauthorised access to the wireless network (from stores' parking lots) to obtain customer credit card numbers.
  • Wake Forest University School of Medicine: A hacker was convicted for gaining unauthorised access to the wireless network and obtaining confidential patient files.
  • GE Money: A bank insider used unauthorised access to the wireless network to hack into an online bank account to steal funds.

The Ponemon Institute has published some interesting information regarding the cost of attacks, specifically about how much a data breach can cost companies. Based on a survey of 14 organisations that lost confidential customer information and had a regulatory requirement to notify affected individuals, the institute found that total costs to recover from a data breach averaged US$14 million. These costs covered everything from customer notification and legal costs, to lost employee productivity, to customer churn.

The wireless network has the same challenges as the fixed, wired network. Organisations must have a pre-emptive plan of action to prevent wireless attacks and policy violations, which can compromise an organisation's data privacy, network integrity and regulatory compliance - and impact the bottom line.

Chris Waters is CTO of Network Chemistry as well as an editorial board member of the WVE wireless vulnerabilities and exploits information source. This article appeared in Network World.