Titania research pegs losses from misconfigurations at average of 9% of annual revenue.

Network misconfigurations cost companies an average of 9% of annual revenues, according to a study released Wednesday by a network security and compliance company. The research by Titania, based on a survey of 160 senior cybersecurity decision makers across a broad array of government and industrial verticals, also warned that misconfigurations that leave a business vulnerable to cyberattacks could be sitting on networks for months or years because of infrequent audits of connected devices.

“Networks can change on a daily basis—typically through planned activity—resulting in configuration drift,” says Titania CEO Phil Lewis. “As firewalls, routers and switches are pivotal to the security of all networks, organizations should check all their devices regularly—ideally daily—for misconfigurations, either accidental or deliberate, that could result in critical security risks.”

“The fact that only 4% of organizations assess all their network devices by auditing their switching and routing devices, as well as their firewalls, is inherently problematic and likely the result of a lack of accurate automation capability,” he adds.

Prioritizing risk mitigation of network devices a challenge

The study also revealed that organizations are having trouble prioritizing mitigation of risks posed by network devices. It found that 70% reported difficulties prioritizing remediation based on risk. They also identified inaccurate automation as a top challenge when meeting security and compliance requirements. “The tools that many organizations currently rely upon to automate vulnerability detection are failing in making the day-to-day network security checking process more efficient and effective,” Lewis says. “It often involves sampling.
This ultimately leaves networks exposed to undetected and potentially critical risks caused by configuration drift.”

Router settings often have mistakes

Organizations may be reluctant to fiddle with network misconfigurations. “It is very easy to ‘break’ working web apps and functioning services when changing network configuration for threat remediation,” explains Michael Assraf, CEO and co-founder of Vicarius, a vulnerability remediation company. “Network equipment usually runs old and lean versions of Linux, which doesn’t receive general kernel updates unless the hardware vendor releases an upgrade. Taking a snapshot and recovering from a bad configuration is also done manually and requires specific expertise.”

Antiquated network architectures that depend on firewalls to protect network devices from compromise can also contribute to the risks they present to organizations. “There are many things admins can do with router settings by mistake that might accidentally bypass your firewall,” says Corey Nachreiner, CSO of WatchGuard Technologies, a cybersecurity technology company. “I have seen admins use a router’s multiple interfaces to inadvertently connect a second interface directly into their network, going around the firewall in the process.”

“Some switches also have alternate remote management channels that might fall outside your firewall and gateway router,” Nachreiner continues, “so it’s also important to make sure those features aren’t misconfigured and exposing your internal network switches to the world as a result.”

Switches and routers often overlooked

The report also found that routers and switches are largely overlooked. Most organizations (96%) prioritize the configuration and auditing of firewalls, but only 4% assess switches and routers, as well as firewalls. “Commercial routers and networking equipment have strong security protocols, which are heavily advertised,” says Ray Steen, CSO of MainSpring, a provider of IT managed services.
“Network administrators trust this security, but a powerful security protocol in a product containing vulnerable code is like a three-inch steel door protecting a cardboard box. Cyber actors just break the box.”

“I think that people give more attention to personal computing and servers because it is easy to protect them,” adds Carmit Yadin, founder and CEO of DeviceTotal, maker of a risk management platform for un-agentable devices. “They are intuitive, while IoT and network devices are black boxes that customers purchase and plug into the network. There is no client or agent to be installed so they’re less intuitive.”