Security Misconfigurations in the Pandemic – and What to Do About Them

FireMon

Change has never been a friend of network security. Neither has complication. Right now, we have too much of both.

The Covid-19 pandemic has resulted in an unprecedented shift to remote work, bringing an avalanche of new access requests, along with all the configuration complications they introduce.

Threat actors have noticed, and attempts to cash in on this “black swan” event have mushroomed. In the early days of the pandemic, DDoS attacks and disruption risks jumped 30% [1]. More recently, Microsoft alerted hospitals [2] that sophisticated ransomware attackers are actively trying to gain network access by exploiting vulnerabilities in devices such as gateway and VPN appliances.

Facing down these rising threats are the overworked security professionals struggling to keep up with the access requests and configuration changes to network topologies. In many cases they’re also facing the difficulties of working remotely while responding at all hours of the day and night, and coping with the same personal challenges all of us are facing.

With exhausted IT teams stretched thin, it’s no wonder that the biggest threats to your network are security misconfigurations due to simple human errors.

Even in normal times, security misconfigurations are a huge problem. Well before the pandemic, research firm Gartner had forecast that 99 percent of all firewall breaches through 2023 [3] would be caused by security misconfigurations.

The Covid-19 pandemic has only magnified the impact of these misconfigurations, with an increased IT workload at the same time that attacks of all types are on the rise.

So what can you do about it? How can you address the issue and reduce the chances of security misconfigurations and misconfigured firewalls?

  1. Arm yourself and your team with knowledge
    FireMon has assembled a wealth of professional articles, reports and other insightful resources to help your organization deal with the problem of misconfigurations. You can find them all here.
  2. Alert your security team to the top three misconfigurations that cause data breaches. Ensure that they are actively aware when dealing with change orders that could trigger errors in these categories:
    • Failing to remove unused access permissions;
    • Creating overly permissive rules;
    • Setting up incorrect access through misconfigured zones and subnets.

While these measures can help address the challenges of security misconfiguration prevention in the short term, they are not ideal, permanent solutions.

The real solution is to minimize the risks of human error by automating change processes.

The challenges of today’s fluid network topology, resulting from a spike in remote workers, are a reminder that human error is inevitable in manual processes, and that security misconfiguration prevention through automation should be a goal for every organization.

Effective automation reduces the inadvertent errors that lead to misconfigurations while increasing security agility—an essential attribute at any time, but especially during exceptional conditions like the ones we face now. By eliminating the guesswork and human errors that can compromise an infrastructure increasingly accessed by remote workers, you maximize the operational efficiency of your security teams and reduce instances of security misconfigurations and the catastrophic impact they can have on your digital realm.


[1] https://www.totaltele.com/505216/Link11-Warns-of-30-Increase-in-Length-of-DDoS-Attacks-and-Disruption-Risks-as-Organizations-Accelerate-COVID-19-Remote-Working-Plans

[2] https://www.fiercehealthcare.com/tech/microsoft-warns-hospitals-sophisticated-ransomware-attacks-targeting-remote-workforce

[3] https://www.firemon.com/newsroom/new-report-gartner-highlights-growing-importance-network-security-policy-management-technologies/