Based on my own experience and that I've from others, I guarantee you most of the times that aircrack (or any of the other wireless encryption cracking tools) are run against a wireless network, the results come back negative. No weak encryption implementation - no cracked passphrases - nothing. All's well in 802.11-land. Management sees this and assumes that the business network is safe.
The devil's in the details though. If you look closer at how most wireless "hacking" or penetration tests are carried out, the techniques are often flawed:
- the timeframe for wireless testing is limited (i.e. you/they need to move on to other stuff since the budget doesn't allow for days or weeks of analysis)
- many wireless networks don't generate enough packets needed by the tools to crack the passphrases
- dictionaries used for cracking WPA pre-shared keys are too limited...it's difficult if not impossible to have a dictionary of all possible passphrase combinations
- it's assumed that if no signal can be seen outside of the building with a plain old laptops built-in wireless antenna that no one will be able to access the wireless airwaves
- testing is only performed on a limited subset of wireless access points (this is OK if all wireless networks are configured the exact same way but that's rarely the case)
My point is that just because your wireless environment checks out OK, it doesn't mean it really is secure. With the right tools and enough time and effort, it very well could be cracked. Whether it's protected by WEP or WPA using pre-shared keys - if it's implemented incorrectly, wireless encryption can eventually be broken leading to a TJX-like mess.
If you're using wireless, make sure your testing is done the right way...Spend the time, money, and effort to get a real-world view of how secure or unsecure it really is. There's no logical excuse for using WEP in a business environment either. Get everything off of it as soon as you can. TJX apparently didn't do this and they - and a lot of people - are paying the price.