Security Misconfigurations in the Pandemic – and What to Do About Them

Change has never been a friend of network security. Neither has complication. Right now, we have too much of both.

The Covid-19 pandemic has resulted in an unprecedented shift to remote work, bringing an avalanche of new access requests, along with all the configuration complications they introduce.

Threat actors have noticed, and attempts to cash in on this “black swan” event have mushroomed. In the early days of the pandemic, DDoS attacks and disruption risks jumped 30%¹. More recently, Microsoft alerted hospitals² that sophisticated ransomware attackers are actively trying to gain network access by exploiting vulnerabilities in devices such as gateway and VPN appliances.

Facing down these rising threats are the overworked security professionals struggling to keep up with the access requests and configuration changes to network topologies. In many cases they’re also facing the difficulties of working remotely while responding at all hours of the day and night, and coping with the same personal challenges all of us are facing.

With exhausted IT teams stretched thin, it’s no wonder that the biggest threats to your network are security misconfigurations due to simple human errors.

Even in normal times, security misconfigurations are a huge problem. Well before the pandemic, research firm Gartner had forecast that 99 percent of all firewall breaches through 2023³ would be caused by security misconfigurations.

The Covid-19 pandemic has only magnified the impact of these misconfigurations, with an increased IT workload at the same time that attacks of all types are on the rise.

So what can you do about it? How can you address the issue and reduce the chances of security misconfigurations and misconfigured firewalls?

  1. Arm yourself and your team with knowledge
    FireMon has assembled a wealth of professional articles, reports and other insightful resources to help your organization deal with the problem of misconfigurations. You can find them all here.
  2. Alert your security team to the top three misconfigurations that cause data breaches. Ensure that they are actively aware when dealing with change orders that could trigger errors in these categories:
    • Failing to remove unused access permissions;
    • Creating overly permissive rules;
    • Setting up incorrect access through misconfigured zones and subnets.
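
The three categories above can be checked mechanically before a change order is approved. The following is an added example, not FireMon code or any product's API: the rule format, the `hits_90d` counter, the zone map and the "two or more `any` fields" threshold are all assumptions, and the data is constructed.

```python
import ipaddress

# Constructed sample data (assumed format, not exported from any real device).
ZONES = {
    "vpn": ipaddress.ip_network("10.8.0.0/16"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.1.0.0/16"),
}
RULES = [
    {"id": 1, "src_zone": "vpn", "src": "10.8.0.0/16", "dst_zone": "internal",
     "dst": "10.1.20.0/24", "service": "tcp/443", "hits_90d": 48211},
    {"id": 2, "src_zone": "vpn", "src": "any", "dst_zone": "internal",
     "dst": "any", "service": "any", "hits_90d": 930},
    {"id": 3, "src_zone": "dmz", "src": "192.0.2.10/32", "dst_zone": "internal",
     "dst": "10.1.5.5/32", "service": "tcp/1433", "hits_90d": 0},
    {"id": 4, "src_zone": "vpn", "src": "10.9.0.0/24", "dst_zone": "dmz",
     "dst": "192.0.2.0/24", "service": "tcp/22", "hits_90d": 12},
]

def outside_zone(addr, zone):
    """True when a concrete address range is not contained in its declared zone."""
    if addr == "any":
        return False  # breadth is reported by the permissiveness check instead
    return not ipaddress.ip_network(addr).subnet_of(ZONES[zone])

def audit(rules):
    """Return {rule_id: [findings]} for the three misconfiguration categories."""
    findings = {}
    for r in rules:
        issues = []
        # 1. Unused access: no traffic matched the rule in the review window.
        if r["hits_90d"] == 0:
            issues.append("unused")
        # 2. Overly permissive: assumed threshold of two or more wildcard fields.
        wide = [f for f in ("src", "dst", "service") if r[f] == "any"]
        if len(wide) >= 2:
            issues.append("overly-permissive")
        # 3. Zone/subnet error: address range falls outside the zone it claims.
        if outside_zone(r["src"], r["src_zone"]) or outside_zone(r["dst"], r["dst_zone"]):
            issues.append("zone-mismatch")
        if issues:
            findings[r["id"]] = issues
    return findings

if __name__ == "__main__":
    for rule_id, issues in audit(RULES).items():
        print(rule_id, ", ".join(issues))
```

Rule 1 passes cleanly; rules 2, 3 and 4 each trip exactly one of the three checks, which makes the output easy to map back to the categories in the list.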

While these measures can help address the challenges of security misconfiguration prevention in the short term, they are not ideal, permanent solutions.

The real solution is to minimize the risks of human error by automating change processes.

The challenges of today’s fluid network topology, resulting from a spike in remote workers, are a reminder that human error is inevitable in manual processes, and that security misconfiguration prevention through automation should be a goal for every organization.

Effective automation reduces the inadvertent errors that lead to misconfigurations while increasing security agility—an essential attribute at any time, but especially during exceptional conditions like the ones we face now. By eliminating the guesswork and human errors that can compromise an infrastructure increasingly accessed by remote workers, you maximize the operational efficiency of your security teams and reduce instances of security misconfigurations and the catastrophic impact they can have on your digital realm.


1 https://www.totaltele.com/505216/Link11-Warns-of-30-Increase-in-Length-of-DDoS-Attacks-and-Disruption-Risks-as-Organizations-Accelerate-COVID-19-Remote-Working-Plans

2 https://www.fiercehealthcare.com/tech/microsoft-warns-hospitals-sophisticated-ransomware-attacks-targeting-remote-workforce

3 https://www.firemon.com//newsroom/new-report-gartner-highlights-growing-importance-network-security-policy-management-technologies/
