Why Security Misconfiguration Are Higher During Covid-19

There are good reasons your IT security team may be looking a bit sleep-deprived. In addition to the stress of the COVID-19 pandemic everyone is facing, they’re also facing heightened risks to network firewall security as new external assets (websites, web portals, mobile apps and more) are provisioned to enable customers and an expanding remote workforce.

First, enterprise networks have changed dramatically – and with dramatic speed. The pandemic has led organizations to urge their employees to work from home. For many businesses, that’s turned the normal pattern of network connections upside down. Instead of most employees logging in securely from a wired office, most of them are logging in remotely. Up to half the workforce is now working from home.

IT teams have had to work overtime to accommodate this rapid revolution in network configuration. A survey of our customers revealed that enterprise infrastructure change is up an astounding 300%.

The pace and scope of these changes adds immeasurably to the challenges of keeping the network secure from inadvertent errors – especially given the complex hybrid networks that are the norm today. The pandemic has only added to that complexity by vastly expanding the need to access cloud services. Microsoft has reported an almost unbelievable 775% increase is usage of cloud services due to the pandemic.

Finally, in the face of these rapid configuration changes – and in part because of them – security threats are increasing. Bad guys thrive on chaos, and the pandemic has created an opportunity they find irresistible. An FBI official reported that cybercrime reports had quadrupled by mid-April compared to the months before the pandemic.

Moreover, the increase in malicious activity isn’t limited to just one or two types of attacks. Threats of all kinds are up:

  • The length of DDoS attacks and other disruption risks targeting enterprise networks is up.
  • Bad bot traffic is up, along with all the threats that exploit bot networks.
  • Phishing attacks are up, and Google has detected a huge increase in active phishing sites.
  • Credit card skimming attacks are up, matching the increase in online shopping.

We’ve created a compelling infographic that captures the specific and relevant risk data facing every networked business during this pandemic. It’s a powerful summary of the challenges your IT security team is working to overcome every day. Check it out.

Of course, threats are just threats unless they are somehow able to penetrate your network firewall security – which brings us to the biggest challenge facing IT teams.

With so much change to network and cloud security group configurations in such a short time, mistakes resulting from manual change processes are inevitable. Misconfiguration errors are responsible for a staggering percentage of security breaches. Gartner reports that 99% of all firewall breaches through the next several years will be caused by misconfigurations – not flaws.

What’s the answer? In the short term, an unsustainable approach of checking and rechecking configurations with every change, paying particular attention to the most common misconfigurations that result in data breaches.

The real solution, however, is applying a disciplined and repeatable practice by automating the process of configuration change. By minimizing manual efforts and the inevitable errors they bring, IT teams can significantly reduce instances of misconfigurations that inadvertently expose vulnerabilities, leaving data exposed, your company lifeblood.

 

You May Also Like

Ransomware Attacks – The new normal?

Once again, the world is hit with another ransomware attack. Similar to the WannaCry Ransomware cyberattack last month, Petya is causing major pain among thousands of users, this time crippling banks and infrastructure in what cybersecurity experts called one of the most-devastating digital intrusions of its type. In fact, not

Read More >

Looking Forward to Seeing You at RSA 2022

RSA 2022 is almost here! I’m excited to see many of you face-to-face in just a few weeks in San Francisco. So much has changed at FireMon since RSAC in 2020, yet our core mission of protecting our customers is still true north. If you are attending RSA, I’d love

Read More >

Pragmatic Steps Toward Zero Trust

If you ask most security professionals to define zero trust, you’ll get an eye roll and an exasperated sigh. To many, it’s been little more than a marketing exercise—and let’s be honest: a lot of what we’re seen and heard about zero trust over the past decade has been more

Read More >