Network mistakes and misconfigurations cost companies millions

Credit: Dreamstime

Network misconfigurations cost companies an average of nine percent of annual revenues, according to a study released by a network security and compliance company.

The research by Titania based on a survey of 160 senior cyber security decision makers across a broad array of government and industrial verticals also warned that misconfigurations that leave a business vulnerable to cyber attacks could be sitting on networks for months or years because of infrequent audits of connected devices.

“Networks can change on a daily basis — typically through planned activity — resulting in configuration drift,” says Titania CEO Phil Lewis. “As firewalls, routers and switches are pivotal to the security of all networks, organizations should check all their devices regularly — ideally daily — for misconfigurations, either accidental or deliberate, that could result in critical security risks.

“The fact that only four percent of organizations assess all their network devices by auditing their switching and routing devices, as well as their firewalls, is inherently problematic and likely the result of a lack of accurate automation capability.”

Prioritizing risk mitigation of network devices a challenge

The study also revealed that organizations are having trouble prioritizing mitigation of risks posed by network devices. It found that 70 percent reported difficulties prioritizing remediation based on risk. They also identified inaccurate automation as a top challenge when meeting security and compliance requirements.

“The tools that many organizations currently rely upon to automate vulnerability detection are failing in making the day-to-day network security checking process more efficient and effective,” Lewis says. “It often involves sampling. This ultimately leaves networks exposed to undetected and potentially critical risks caused by configuration drift.”

Router settings often have mistakes

Organizations may be reluctant to fiddle with network misconfigurations.

“It is very easy to ‘break’ working web apps and functioning services when changing network configuration for threat remediation,” explains Michael Assraf, CEO and co-founder of Vicarius, a vulnerability remediation company.


Leave a Comment