Network misconfiguration can cost businesses 9% of revenue
How much can poor network configuration cost businesses? Mistakes or carelessness leave organisations exposed to risk, and the result can cost them dearly. This is suggested by a recent Titania study, which assessed how firewalls, switches and routers are being configured across 160 US organisations in the military, government, oil and gas, telecommunications and financial services sectors. Senior-level cybersecurity decision-makers were asked how they detect and mitigate vulnerabilities in this network equipment and how confident they feel about its secure configuration.
Even though network professionals feel confident in their security and compliance practices, the data suggests they leave their organisations exposed to risk. “Interestingly, the same respondents also reported that their organisations do not review switches and routers when checking for misconfigurations, that checks are typically performed annually, and that budgets have increased year over year, but this has had little or no impact on the volume of critical misconfigurations detected on their networks,” the report says. Respondents shared that their budgets have increased, especially in the last two years, but this has had little effect. Half of the organisations have seen no change in the number of critical misconfigurations since last year.
Some companies are not reducing their attack surface effectively: they prioritise firewall security and a rapid response capability for misconfigurations detected in annual audits. The issue is that switches and routers are included in only 4% of audits, even though these devices play an important role in reducing the attack surface and preventing malicious lateral movement across networks.
Respondents also indicated that the financial resources allocated to network configuration (currently around 3.4% of the total IT budget) and the lack of automation are limiting factors in managing the risks associated with configuration errors.
Specifically, the survey also revealed that:
Misconfiguration can be a great ally for criminals. One of the key revelations of a recent Microsoft survey was that the vast majority (80%) of ransomware attacks exploited common configuration errors in equipment or software as an intrusion tactic. The second edition of Cyber Signals focused on the rise of the ransomware-as-a-service (RaaS) economy and how it has evolved to become a profitable business model.
“These attacks follow a model of gaining initial access through malware infection or vulnerability exploitation and then stealing credentials to gain privileges and move laterally,” the report said.