First, the article. "News of Frauds" is a blog maintained by Piyush Sood. Yesterday he cross-posted an article from PCmag.com written originally by Corinne Iozzio on the most "mysterious" cyber-crimes of all time. While I may not agree with Corinne's assessment with the importance/mysteriousness of these crimes - I think she pointed out a little gem.
If you scroll down to the "Supermarket Security Breech" you'll notice an interesting quote.
"Chain reps and security experts are still unclear as to how the criminals gained access to the system; the 2005 T.J.Maxx breach took advantage of a vulnerability in the chain's wireless credit transfer system, but Hannaford and Sweetbay do not use wireless transfers of any sort."
This quote fascinated me instantly. Of course they may not have known about any wireless - that's kind of the point isn't it? How many companies are willing to say, on the record, "no we do not have wireless" only to get hacked through some open access point hidden under someone's desk or in a conference room to 'share network access'. It's a sad commentary, I think.
Saying "we have no wireless" and actually having a policy that prohibits people from hooking up access points randomly are two entirely different things. Oddly enough, most companies simply say "we don't allow wireless" and then wonder how it is they could have possibly gotten hacked when their network is so air-tight.
I can't stress this enough. If you don't want something on your network - make a policy against it and be ready to enforce that policy. Otherwise... expect to be hacked. Or at least be ready to have to explain why you're not ready.