Rest Easy When Cyber Security Disasters Loom

Did you hear the buzz last week about the key reinstallation attack (KRACK) Wi-Fi Protected Access II (WPA2) security vulnerability?

That was a mouthful. But, in short, KRACK involves an embedded flaw in the crucial Wi-Fi Protected Access II security protocol. Conceivably, it put any device attached to a Wi-Fi network at risk of either bleeding data or becoming a vector for malware, notes a CRN article.

After the KRACK WPA2 announcement, the media exploded with warnings. After all, this is serious stuff. But hopefully, you knew you were covered, either by your internal information technology staff or by an outsourced managed security solutions provider.

On the other hand, if either A) this flaw’s discovery is news to you, or B) you know about the KRACK WPA2 gap but aren’t sure what to do, read on.

Anatomy Of A Wi-Fi Achilles’ Heel

Security is a hugely technical and often obscure area, although it affects a company’s operations on every level. So, let’s look for a moment at the KRACK issue, which is particularly complex. We’ll simplify it a bit. The attack works like this:

  • A device logs on to a Wi-Fi access point to be authenticated
  • A four-way “handshake” occurs as part of the WPA2-enabled connection process
  • The KRACK assault compromises the encryption key used to scramble/protect network data
  • Attackers can then read company data or install malware into the network

The KRACK flaw would have gone unnoticed except for a couple of, shall we say, obscure researchers. The average business user would never have realized the hole existed — and without a professional IT staff, communicating the nature of the problem to most business users would be virtually impossible — forget about formulating a fix.

It would be akin to waking up in the middle of the night to be tested on a type of calculus you’ve never studied before.

Overcoming Internal Cybersecurity Shortcomings

Hopefully, you, as a New England business manager or owner, have internal IT resources that can cope with the KRACKs of the world. But if not, you can partner with a local managed security service provider (MSSP) for the resources and savvy you need to survive today’s malware, hacking, and other cybersecurity threats.

A solutions provider handles these complex security challenges, round-the-clock, on your behalf. Once a vulnerability or variant is identified, a warning is issued, and those businesses with MSSP support generally don’t have to do a thing. Their partners make sure the appropriate patches are distributed or processes changed. And the vulnerabilities are addressed without disaster, and with minimum disruption.

(As an example, that’s how BCS handled the KRACK threat — deploying the appropriate patch and notifying our clients about how we were addressing the problem.) Perhaps we should discuss what we can do for your security gaps?

Incidentally, this is National Cyber Security Month, and a great time for a free security review. Talk to us today.