Misconfigurations overlooked as the cause of network security breaches
Date published: 25 Oct 2022
Security breaches and cyber-attacks on critical national infrastructure are making the headlines more frequently than ever before. Threat actors are using a variety of methods to breach networks and often a number of approaches are tested until they succeed in gaining entry, with misconfigurations in the network being just one possible target.
However, while network operations teams regularly carry out software updates and patches to their network devices, misconfigurations are overlooked and persist as a critical risk to network security.
Misconfigurations are costing organizations millions of dollars
Recently, research carried out on behalf of Titania has highlighted the extent to which misconfigurations are overlooked by organizations across a range of sectors, including Military, Federal, Government, Telecommunications, Financial Services and Oil and Gas. The study found that on average network misconfigurations are costing organizations 9% of annual revenues, amounting to millions of dollars.
These costs extend far beyond the financial; an organization’s reputation, the stability of critical infrastructure and the protection of sensitive data are also at risk.
Firewalls are prioritized over switches and routers
The research delves further into network security practices, with 96% of senior cybersecurity decision makers clarifying that while they prioritize the configuration auditing of firewalls, they do not do the same for switches and routers. According to the principles of Zero Trust, auditing configurations is essential for preventing lateral movement across networks.
For instance, the failure to remove obsolete commands can be an issue for network operations and administrators. With many organizations increasing working-from-home practices, significant network changes and data flow shifts have taken place in the last couple of years.
Following modifications, no-longer-needed configurations sometimes lay dormant, and while these are not always an immediate security threat, they can create confusion for administrators managing the network and increase the likelihood of human errors, such as necessary configurations being removed.
Configuration drift is often a consequence of ad hoc changes not being tracked and recorded sufficiently.
There are several barriers that are impacting network security teams' ability to stay on top of misconfigurations. Even with almost all organizations auditing firewalls, many are leaving months or even years between network audits and so misconfigurations remain in the network for all that time.
A lack of financial resource is one issue. On average, just 3.4% of the overall IT budget is allocated to mitigating network misconfigurations. That being said, simply increasing the budget is not enough to have a significant impact on the volume of critical misconfigurations being detected.
The assessment of all network devices rather than a sample is crucial. Through automation, increasing the cadence of network audits with continuous monitoring for configuration drift can deliver assurance at scale, helping organizations meet compliance standards and operate under zero trust.
Organizations report they lack the resources needed to prioritize remediation
Network operations teams also report that prioritizing remediation once misconfigurations are found is a challenge that impedes meeting security and compliance requirements.
This is where auditing automation tools, such as Titania’s Nipper Enterprise, can help. Criticality ratings based on ease of exploitation and impact to the network ensure effective prioritization and can even determine the exact technical fixes needed to remediate.
For critical infrastructure and all enterprises moving towards a zero-trust approach, automation tools minimize network risks and help companies continuously detect and respond to misconfigurations at scale.
The full report on the impact of exploitable network misconfigurations can be downloaded here.
“If organizations want to minimize their attack surface effectively, they need to increase the cadence of risk assessments and remediation of all network devices. This is in line with a core tenet of zero trust security best practice, which is to verify, rather than trust that devices are secure, every day.” - Phil Lewis, Titania CEO.