Network professionals feel confident with their security and compliance practices but data suggests that they also leave their organizations open to risk, which is costing a significant amount of revenue, according to Titania.
In addition, some businesses are not minimizing their attack surface effectively. Companies are prioritizing firewall security and chronicle a fast time to respond to misconfigurations when detected in annual audits. However, switches and routers are only included in 4% of audits and these devices play a vital role in reducing an organization’s attack surface and preventing lateral movement across the network.
Respondents also indicated that financial resources allocated to mitigating network configuration, which currently stands around 3.4% of the total IT budget, and a lack of accurate automation are limiting factors in misconfiguration risk management.
Specifically, the study, which surveyed 160 senior cybersecurity decision-makers across the U.S. Military, Federal Government, Oil and Gas, Telecoms, and Financial Services sectors, revealed:
Misconfigurations cost organizations millions
Organizations stated that misconfigurations cost an average of 9% of their annual revenue but the true cost is likely to be higher. The good news is one-third find fewer than 50 per year, but the majority are only auditing their devices annually. This means that misconfigurations, including ones that could pose a critical risk to security, could reside on the network for months, even years, between audits – leaving the business vulnerable to attacks. And while budgets are increasing annually, this has little to no impact on the volume of critical misconfigurations detected on