Highlights:

According to new research released today by IT auditing company Titania, organizations say that network misconfigurations cost them an average of nine percent of their annual revenue. However, the actual cost is likely higher.

Lewis suggests that, in practice, organizations should switch from assessing configuration risks on an as-needed basis to doing so continuously.

Security is a high-stakes game. A single exploit, vulnerability, or human error can lead to a data breach, which costs an average of USD 4.35 million.

A single breach can also significantly damage an organization's ability to generate revenue in the long run.

According to new research released by IT auditing company Titania, organizations say that network misconfigurations cost them an average of nine percent of their annual revenue. However, the real cost is likely to be higher.

The report shows that, for businesses, misconfigurations create serious network weaknesses that cybercriminals can exploit, with severe financial consequences.

How much does it cost to manage risks badly?

The report also found that, owing to a lack of proper auditing, organizations are unable to address misconfigurations effectively. Most organizations audit their devices only once a year, and in 96% of those cases switches and routers are checked for misconfigurations by sampling a subset of devices rather than auditing every one. This approach is known as risk assessment by sampling.

From every angle, it’s clear that businesses need to rethink how they manage vulnerabilities.

CEO of Titania, Phil Lewis, said, “We know that the task of defending networks against preventable attacks is no easy feat. Unlike software vulnerabilities that can be ‘patched away,’ misconfigurations in firewalls, switching and routing devices — which often pose a more significant risk to security — cannot.”

Lewis added, “In these cases, network security teams need visibility of misconfigurations before assessing the risk they pose to the network. They then must prioritize fixes based on risk to inform remediation workflows.”

Lewis suggests that, in practice, organizations should move from assessing configuration risks on an ad-hoc basis to assessing them continuously. They should also prioritize remediation based on risk level and ensure that all firewalls, switches, and routers are hardened against attacks that could have been prevented.
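As an added example (not part of the article, and not Titania's or any vendor's product code), the following Python script shows what the continuous, whole-fleet, risk-prioritized configuration assessment described above looks like in practice, and contrasts it with auditing a sample of devices. It audits every device configuration against a small rule set, ranks findings by severity, and totals a risk score per device so remediation can be ordered by risk. The rule patterns, severity weights, and Cisco IOS-style sample configurations are constructed assumptions for illustration, not a published benchmark.

```python
"""Rule-based network device configuration audit (example code added to this
page; rules, severity weights and sample configs are constructed assumptions)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str          # regex tested against each line of the config
    present_is_bad: bool  # True: a matching line is a finding; False: absence is a finding
    severity: int         # constructed weight, 1 (low) .. 10 (critical)


# Constructed rules for Cisco IOS-style configs (assumption, not a vendor benchmark).
RULES = [
    Rule("telnet enabled on VTY lines", r"^\s*transport input (all|telnet)\b", True, 9),
    Rule("default SNMP community string", r"^snmp-server community (public|private)\b", True, 8),
    Rule("permit any any in ACL", r"^\s*permit ip any any\b", True, 7),
    Rule("HTTP management server enabled", r"^ip http server\b", True, 6),
    Rule("no SSH version 2 enforced", r"^ip ssh version 2\b", False, 6),
    Rule("password encryption disabled", r"^no service password-encryption\b", True, 5),
]


def audit_device(hostname: str, config: str) -> list[dict]:
    """Return one finding per rule violation found in a single device config."""
    findings = []
    lines = config.splitlines()
    for rule in RULES:
        rx = re.compile(rule.pattern)
        matched = [ln.strip() for ln in lines if rx.search(ln)]
        if rule.present_is_bad:
            for ln in matched:  # each offending line is its own finding (evidence kept for remediation)
                findings.append({"device": hostname, "rule": rule.name,
                                 "severity": rule.severity, "evidence": ln})
        elif not matched:       # required hardening setting is missing
            findings.append({"device": hostname, "rule": rule.name,
                             "severity": rule.severity, "evidence": "(setting absent)"})
    return findings


def audit_fleet(fleet: dict[str, str]) -> list[dict]:
    """Audit EVERY device and return findings ordered by severity (highest first)."""
    all_findings = []
    for host, cfg in fleet.items():
        all_findings.extend(audit_device(host, cfg))
    return sorted(all_findings, key=lambda f: (-f["severity"], f["device"], f["rule"]))


def sampled_audit(fleet: dict[str, str], sample: list[str]) -> list[dict]:
    """Audit only the named subset, as an annual sampling approach would."""
    return audit_fleet({h: fleet[h] for h in sample})


def risk_by_device(fleet: dict[str, str]) -> dict[str, int]:
    """Sum finding severities per device so remediation can be ordered by risk."""
    return {host: sum(f["severity"] for f in audit_device(host, cfg))
            for host, cfg in fleet.items()}


# Constructed sample fleet (assumption): one hardened router, one poorly configured
# branch router, and a firewall with an over-permissive ACL.
FLEET = {
    "core-rtr-01": "hostname core-rtr-01\nservice password-encryption\nip ssh version 2\n"
                   "snmp-server community s3cr3tRO RO\nline vty 0 4\n transport input ssh\n",
    "branch-rtr-07": "hostname branch-rtr-07\nno service password-encryption\nip http server\n"
                     "snmp-server community public RO\nline vty 0 4\n transport input telnet\n",
    "edge-fw-02": "hostname edge-fw-02\nip ssh version 2\nip access-list extended OUTSIDE-IN\n"
                  " permit ip any any\nline vty 0 4\n transport input ssh\n",
}

if __name__ == "__main__":
    # Sampling one device finds nothing; auditing the whole fleet surfaces the real risk.
    print("sampled (core-rtr-01 only):", sampled_audit(FLEET, ["core-rtr-01"]))
    for f in audit_fleet(FLEET):
        print(f"[sev {f['severity']}] {f['device']}: {f['rule']} <- {f['evidence']}")
    print("risk by device:", risk_by_device(FLEET))
```

Run on a schedule (or on every config change pulled from the devices) rather than once a year, the fleet-wide audit is what "continuous" means here; the sampled run shows why checking one well-managed core device says nothing about the branch router that still has telnet and a default SNMP community.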

The market for risk management

The research comes as more organizations invest in automating vulnerability management to keep their environments secure. The global security and vulnerability management market is expected to grow from USD 13.8 billion in 2021 to USD 18.7 billion in 2026.

Tenable, with Nessus, is one of the most popular providers in the market. It combines vulnerability monitoring and configuration assessment for traditional IT assets such as servers and firewalls with External Attack Surface Management (EASM) capabilities to protect internet-facing assets outside the firewall.

Rapid7's InsightVM (formerly Nexpose) is another major player in the market. It is a vulnerability scanner with real-time monitoring that assigns each vulnerability a risk score based on its age, the exploits available for it, and other factors.

Solutions in this category help organizations identify their most dangerous vulnerabilities and give security teams a systematic way to remediate them.