New Report Reveals U.S. Federal Government Exposed to Significant Cybersecurity Risks Due to Exploitable Network Misconfigurations


Research shows an average of 51 network device misconfigurations were discovered in the last two years with 4% deemed to be critical vulnerabilities that could take down the network

WORCESTER, UK and ARLINGTON, VA, November 1, 2022 – Titania, specialists in accurate network security and compliance assessments and risk remediation software, launched a new independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the U.S. federal government.

The study, The impact of exploitable misconfigurations on the security of agencies’ networks and current approaches to mitigating risks in the U.S. Federal Government, finds that network professionals report that they are meeting their security and compliance practices, but data suggest that risk remains elevated, a result which, according to the findings from the report, is likely to be costing billions of dollars each year.

Notably, the research disclosed that federal government respondents were the only sector representatives to say that they exclusively assessed the configurations of their firewalls. Switches and routers were not included in their network checks. So, in effect, the agencies are sampling the security of their fleets of network devices. According to Zero Trust best practice, continuous assessment of all devices is essential when it comes to preventing intrusion and inhibiting lateral movement across networks. Sampling is an inherently risky approach to configuration security that leaves agencies open to the threat of configuration drift taking down networks.

In addition, the survey found most federal government respondents cite the inability to prioritize risk (81%) and inaccurate automation (44%) as their top two challenges in meeting their enterprise security and external compliance requirements. Federal respondents also indicated that financial resources allocated to mitigating network configuration risks, which currently stands at around 3.4% of the total IT budget, are a limiting factor in configuration management.

Specifically, the study, which surveyed senior cybersecurity decision-makers across the U.S. federal government, revealed:

  • Confidence in compliance and practices. Every respondent from the federal government sector is confident that they meet their enterprise security and external compliance requirements. More than 88% agreed that their agency relies on compliance to deliver security. However, based on other findings, this reveals a disconnect between network security perception and reality.
  • Expansive networks, infrequent assessments. Federal agencies reported a vast number of devices within their networks – over 1,000 on average. This is approximately 160 more than other industries, such as banking and financial services. More than half (59%) of the respondents assess the configuration of network devices on an annual basis, 12% on a bi-monthly cycle, and 0% more frequently. Respondents felt these practices are sufficient to meet their security and compliance requirements.
  • Risk and remediation prioritization is a challenge. Almost three-quarters (71%) reported that their network security tools meant that they could effectively categorize and prioritize compliance risks. This is at odds with the fact that 81% said an inability to prioritize remediation based on risk is a top challenge.
  • Frequent configuration issues identified. Respondents reported they had detected an average of 51 misconfigurations in the previous year; 4% of which were deemed “critical,” and could have led to a severe security breach that could take the network down. As many as 83% reported having detected at least one critical configuration issue in the last two years.
  • Routers and switches overlooked. When validating network device configuration settings, all (100%) federal organizations only assess firewalls, not switches or routers.
  • Low confidence in compliance in the supply chain. Only 18% of respondents were confident that other players in their organization’s supply chains take a rigorous and robust approach to network configuration security. The federal government also made up the highest percentage (71%) of respondents that reported relying on suppliers’ external accreditations from CMMC, DISA, NIST, FISMA and ISO to gain assurances regarding supply chain risk management.

“A determined attacker will try every way to access a network until they gain entry,” said Matt Malarkey, VP, Strategic Alliances, Titania. “A known vulnerability or misconfiguration is an easy way in. As our report uncovers, the U.S. federal government is not immune. Government agencies need to adopt a Zero Trust approach to cybersecurity – hardening networks from the inside-out to make it significantly harder for intruders to gain entry and move laterally.”

“Other proactive security practices, like attack surface management, encourage organizations to show continuous vigilance. So, it’s important that government agencies adopt them, especially since the recent joint Cybersecurity Advisory from the NSA, CISA and FBI pointed to enemies altering network device configurations to enable and scale attacks,” added Malarkey. “Increasing the frequency of risk assessments and remediation of all network devices is the first step to preventing configuration drift from taking down U.S. government networks and allowing intruders to gain access to sensitive systems and data.”

To continue helping the public sector close the gap on cybersecurity weaknesses related to misconfigurations, Titania has partnered with Merlin Cyber, a company focused on innovation, technical expertise and go-to-market acceleration that enables the U.S. Government to solve critical cybersecurity challenges with best-in-class and emerging solutions.

“Government networks are changing every single day as agencies embrace digital transformation and shift to the cloud,” said Dean Webb, cybersecurity engineer at Merlin Cyber. “However, if federal agencies are not continuously monitoring their network device configurations, they are in essence inherently trusting the operation of those devices. This practice is not only counter to Zero Trust principles, but it also is proving to be a very soft target for bad actors to exploit and to gain a foothold into sensitive government systems and data.”

About the Research
Titania commissioned an independent B2B research specialist, Coleman Parkes, to conduct the study. The firm surveyed 160 CIOs, Heads of Networks, Network Architects, and other experts across the U.S. federal government and other U.S. critical national infrastructure sectors (military, oil & gas, telecoms, and financial services), for comparison purposes. The survey asked how organizations currently detect and mitigate vulnerabilities in the specified part of the network, and how confident they are that devices always maintain a secure configuration. The full report can be downloaded here: https://info.titania.com/impact-of-exploitable-misconfigurations-federal.

About Merlin
Merlin is a powerful ecosystem of cybersecurity investment, innovation, technical expertise, and go-to-market acceleration with 25 years of experience working with the U.S. Public Sector. Through Merlin, federal civilian, defense, state, local and education customers access innovative cybersecurity solutions that have been strategically curated due to their ability to effectively meet public sector requirements and mission priorities. Merlin does this by selectively partnering with best-in-class cybersecurity brands, investing in visionary emerging technologies and accelerating growth and value creation for its partners. This enables the U.S. Public Sector to successfully keep ahead of today’s critical threats, accelerate modernization initiatives, and defend our nation. Learn more at merlincyber.com.

About Titania
Based in the UK and Arlington, VA, Titania delivers essential cybersecurity automation software to thousands of organizations, including 30+ federal agencies within the US government, global telcos, multinational financial institutions, and the world’s largest oil and gas companies. Specializing in the accurate security and compliance risk assessment and remediation for networking devices – firewalls, switches, and routers – Titania helps organizations defend their networks from preventable attacks by identifying configuration drift and prioritizing the remediation of their most critical risks first. The company is best known for its award-winning solution, Nipper, which also overlays its security risk findings onto RMF assessments to assure compliance for CDM, DISA RMF, NIST, CMMC, and PCI DSS. To meet the growing market need for continuous accurate risk and remediation prioritized assessments, Titania is now focusing on scaling Nipper for enterprises to support their zero trust security strategies. Visit Titania at www.titania.com

For more information, please contact:
CCgroup for Titania
Beth Fichtel/Cassandra Hegarty
T: +1 914.588.2695
E: titania@ccgrouppr.com



