Security is a high-stakes game. It only takes one exploit, vulnerability or human error to lead to a data breach that costs an average of $4.35 million.
At the same time, a single breach can also have a significant impact on the revenue-generating potential of organizations over the long term.
According to new research released today by IT auditing provider Titania, organizations report that network misconfigurations cost an average of 9% of their annual revenue, although the true cost is likely to be higher.
For enterprises, the report highlights that misconfigurations create serious weaknesses in the network that cyber criminals can exploit, leading to serious financial disruption.
The cost of poor vulnerability management
The report also found that organizations were failing to effectively address misconfigurations due to inconsistent auditing activity. In fact, most organizations are only auditing their devices annually, with switches and routers checked for misconfigurations in just 4% of cases, an approach best described as risk assessment by sampling.
On all sides it’s clear that enterprises need to rethink the way they approach vulnerability management.
“We know that the task of defending networks against preventable attacks is no easy feat. Unlike software vulnerabilities that can be ‘patched away,’ misconfigurations in firewalls, switching and routing devices — which often pose a more significant risk to security — cannot,” said CEO of Titania, Phil Lewis.
“In these cases, network security teams first need visibility of misconfigurations before they can assess the risk they pose to the network. They then need to prioritize fixes based on risk to inform remediation workflows,” Lewis said.
In practice, Lewis recommends that organizations shift from ad-hoc to continuous assessment of configuration risks, prioritize remediation efforts based on the level of risk, and ensure that all firewalls, switches and routers are secure against preventable attacks.
The vulnerability management market
The research comes as more organizations are investing in automating vulnerability management to keep their environments secure, with the global security and vulnerability management market projected to grow from $13.8 billion in 2021 to $18.7 billion by 2026.
One of the most popular providers in the market is Tenable with Nessus, which combines vulnerability monitoring with IT and configuration assessments for traditional IT assets like servers and firewalls, alongside external attack surface management (EASM) capabilities to protect internet-facing assets outside the firewall.
Another key player in the market is Rapid7 with InsightVM (Nexpose), a vulnerability scanner with real-time vulnerability monitoring that generates risk scores for each vulnerability based on its age, what exploits exist for it, and more.
These solution categories can help organizations pinpoint the highest-risk vulnerabilities and give security teams a resource they can use to systematically mitigate them.