Security Misconfiguration Might be Your Top Vulnerability

Buying great security products is not enough. Companies must implement best practices security
configurations to get the highest level of security possible. Security misconfiguration is
often the key reason that a breach occurs. Configurations must be set up securely and adjusted regularly to include
recent best practices driven by knowledge of security flaws or recent attacks.

3 Reasons Why You Should Focus on Security Configurations

1) Security miscellaneous errors are responsible for nearly 20% of all security breaches (per the 2021
Verizon VDBR). Security misconfiguration is about 55% of miscellaneous errors. Security
misconfiguration causes can be as high as nearly 80% in information industry companies. Security misconfiguration errors
are an especially high percent of the cause of breaches in finance/insurance, healthcare, information,
professional services, and public administration industry companies.

2) OWASP lists security misconfiguration as their 2021 #5 top application security risk. Security misconfiguration
is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc
configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive
information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but
they must be patched/upgraded in a timely fashion.

3) The CISA, FBI & NSA have three recommendations for heightened security. One of
them is “Enhance your organization’s cyber posture”. In that recommendation, they recommend companies “Implement
rigorous configuration management programs. Ensure the programs can track and mitigate emerging threats.
Review system configurations for misconfigurations and security weaknesses”. The CISA also wrote this report Strengthening Security Configurations to Defend
Against Attackers Targeting Cloud Services. This document includes best practices for Microsoft 365, server setup, password configurations
etc.

Top Security Misconfiguration Risks

Successful security attacks – via security holes that are not closed
- Patches not applied
- Security controls not configured to prevent latest threats
- IT not configured securely
False Sense of security – Literally
- The latest security controls, but not configured securely
Security threats ignored – false negatives (Not configured to discover latest threats)
Unauthorized user access and therefore uncontrolled access to:
- Data
- Applications (especially growing list of cloud apps)
- IT Systems
Unproductive security team – false positives keep team chasing false indicators
Key data is not backed up and/or not available to be restored – catastrophe
Unproductive employees
- Security is too tight, and users can do their jobs
- Email is uncontrolled and users spend all their time deleting spam or looking for expected emails
- Systems are down because of security attacks

Top Security Misconfiguration Risks by Category

	Misconfiguration Risks	Required Management Activities
Firewalls	Too Tight – restricts employee use Too Loose – Not effective, holes in security	Default to blocked unless specific traffic is required Enable security features Define groups to provide granularity
SIEMs	False positives – lead to real alerts being ignored Fales negatives from Incomplete policies does not generate appropriate security notifications. Allows attacks to occur	SIEMs need constant monitoring & polices tuned Alert threats & attacks must be investigated Remediation recommendations
MFA	Unauthorized users gain access Users have access to unintended applications & data Users have access privileges that are not required	Proactive authorize, deauthorize users & applications Control User enrollments Force minimum security factors Use MFA for everything (esp. SaaS, network, remote) Setup and manage SSO to make use easier
Endpoint Security	Malware is not prevented, detected, or remediated Data is stolen or destroyed	Appropriate levels of security by group are enabled Monitoring, alerting, and remediation actions Updates
Backup & DR	Key data is not backed up or can’t be restored	Properly configure backups and secondary storage Regularly test backups and restore capability
Cloud Application Security	Unauthorized users gain access to applications & data Unsanctioned applications used by employees Users have data access privileges that are not required	Add SSPM & CASB security Set User access & privilege rights 3^rd party application access control
Server Security (Including Pub./priv. cloud)	Server data is modified, destroyed, stolen Unauthorized users access data Data/server is unavailable for use	Add Zero trust security solutions Server EP protection software Control User access & privilege rights Active Directory & services controls
Email Security	Phishing, CEO fraud is not prevented Spam is not controlled & employees are unproductive Malware is introduced into your company	Set mail security & filtering thresholds & adjust Define appropriate quarantine actions and user controls Ongoing monitoring and adjust security
Wi-Fi	Unauthorized users gain access to your networks User roaming is not effective Network performance is slow	Define Wi-Fi networks & purpose Define network access rights by network Define network security including MFA & monitor Define roaming methods
Remote Access Security	Unauthorized users access data, apps, systems Data stolen, destroyed	Setup secure remote access Setup secure authorization, authentication (MFA+) Setup & maintain user rights and privileges Secure local computers, phones Protect data and retain on servers when possible
M365	Unauthorized user access Data is lost, stolen, or destroyed	User access & privilege rights Data Storage control (SharePoint…)
Network Access	Unauthorized users gain access to your networks	Access & privilege rights Up to date active/authorized users Monitor traffic & usage
IT Admin Security	Unauthorized admins gain control of everything Unauthorized user activity is undetected	Role definitions User management (PAM) Least use access & privilege rights

Security Misconfiguration Conclusions

Security misconfiguration is a significant reason why companies are successfully attacked
Security misconfiguration vulnerabilities can be avoided by active security management by an experienced
well-staffed team of security experts
Your Security is only as secure as the latest security configuration updates made by your team
Most companies are understaffed so even if they can install security, they don’t have time to manage them
Most IT/security teams are challenged to stay trained on regulation compliance and security product best
practices. So Best practices security configurations are difficult to maintain. This exposes security holes that
can be exploited by attackers who always attack the latest security vulnerabilities. Most times, vulnerabilities
can be avoided by implementing the latest best practices as specified by security product manufacturers and
security agencies.

Companies need to balance money
spent on security products with the staffing of an expert security services team

For many this means outsourcing to
a dedicated managed security service company is a good idea

Managed Security Provides:

Security compliance expertise
Security Control Product Expertise – trained on security product best practices
24×7 monitoring, adjusting and maintenance
A focus on security best practices – preventing, detecting, and mitigating security threats and attacks

Managed Security Benefits include:

Much higher levels of security
Better ROI on security budget
Better visibility on security posture
Higher level of compliance with security regulations

Contact
eSecurity today to discuss how 24×7 managed
security can offload your team and enable the highest level of security for your
company.

Are You Prepared for Russian Cyber Attacks?

Top 7 Reasons You Need a Risk Assessment

eSecurity Solutions Articles/Blog

Search by Keyword

Blog Categories

3 Reasons Security Misconfiguration is a Top Concern