Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/load.php on line 2057

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/functions.php on line 6114
New Report Reveals U.S. Federal Government Exposed to Significant Cybersecurity Risks Due to Exploitable Network Misconfigurations - Best Business Review Site 2024

New Report Reveals U.S. Federal Government Exposed to Significant Cybersecurity Risks Due to Exploitable Network Misconfigurations

[ad_1]

Research shows an average of 51 network device misconfigurations were discovered in the last two years with 4% deemed to be critical vulnerabilities that could take down the network

WORCESTER, UK and ARLINGTON, VA, November 1 2022Titania, specialists in accurate network security and compliance assessments and risk remediation software, launched a new independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the U.S. federal government.

The study, The impact of exploitable misconfigurations on the security of agencies’ networks and current approaches to mitigating risks in the U.S. Federal Government, finds that network professionals report that they are meeting their security and compliance practices, but data suggest that risk remains elevated. A result which, according to the findings from the report, is likely to be costing billions of dollars each year.

Notably, the research disclosed that federal government respondents were the only sector representatives to say that they exclusively assessed the configurations of their firewalls. Switches and routers were not included in their network checks. So, in effect, the agencies are sampling the security of their fleets of network devices. According to Zero Trust best practice, continuous assessment of all devices is essential when it comes to preventing intrusion and inhibiting lateral movement across networks. Sampling is an inherently risky approach to configuration security that leaves agencies open to the threat of configuration drift taking down networks.

In addition, the survey found most federal government respondents cite the inability to prioritize risk (81%) and inaccurate automation (44%) as their top two challenges in meeting their enterprise security and external compliance requirements. Federal respondents also indicated that financial resources allocated to mitigating network configuration risks, which currently stands at around 3.4% of the total IT budget, are a limiting factor in configuration management.

Specifically, the study, which surveyed senior cybersecurity decision-makers across the U.S. federal government, revealed:

  • Confidence in compliance and practices. Every respondent from the federal government sector is confident that they meet their enterprise security and external compliance requirements. More than 88% agreed that their agency relies on compliance to deliver security. However, based on other findings, this reveals a disconnect between network security perception and reality.
  • Expansive networks, infrequent assessments. Federal agencies reported a vast number of devices within their networks – over 1,000 on average. This is approximately 160 more than other industries, such as banking and financial services. More than half (59%) of the respondents assess the configuration of network devices on an annual basis, 12% on a bi-monthly cycle, and 0% more frequently. Respondents felt these practices are sufficient to meet their security and compliance requirements.
  • Risk and remediation prioritization is a challenge. Almost three-quarters (71%) reported that their network security tools meant that they could effectively categorize and prioritize compliance risks. This is at odds with the fact that 81% said an inability to prioritize remediation based on risk is a top challenge.
  • Frequent configuration issues identified. Respondents reported they had detected an average of 51 misconfigurations in the previous year; 4% of which were deemed “critical,” and could have led to a severe security breach that could take the network down. As many as 83% reported having detected at least one critical configuration issue in the last two years.
  • Routers and switches overlooked. When validating network device configuration settings, all (100%) federal organizations only assess firewalls, not switches or routers.
  • Low confidence in compliance in the supply chain. Only 18% of respondents were confident that other players in their organization’s supply chains take a rigorous and robust approach to network configuration security. The federal government also made up the highest percentage (71%) of respondents that reported relying on suppliers’ external accreditations from CMMC, DISA, NIST, FISMA and ISO to gain assurances regarding supply chain risk management.

“A determined attacker will try every way to access a network until they gain entry,” said Matt Malarkey, VP, Strategic Alliances, Titania. “A known vulnerability or misconfiguration is an easy way in. As our report uncovers, the U.S. federal government is not immune. Government agencies need to adopt a Zero Trust approach to cybersecurity – hardening networks from the inside-out to make it significantly harder for intruders to gain entry and move laterally.”

“Other proactive security practices, like attack surface management, encourage organizations to show continuous vigilance. So, it’s important that government agencies adopt them, especially since the recent joint Cybersecurity Advisory from the NSA, CISA and FBI pointed to enemies altering network device configurations to enable and scale attacks,” added Malarkey. “Increasing the frequency of risk assessments and remediation of all network devices is the first step to preventing configuration drift from taking down U.S. government networks and allowing intruders to gain access to sensitive systems and data.”

To continue helping the public sector close the gap on cybersecurity weaknesses related to misconfigurations, Titania has partnered with Merlin Cyber, a company focused on innovation, technical expertise and go-to-market acceleration that enables the U.S. Government to solve critical cybersecurity challenges with best-in-class and emerging solutions.

“Government networks are changing every single day as agencies embrace digital transformation and shift to the cloud,” said Dean Webb, cybersecurity engineer at Merlin Cyber. “However, if federal agencies are not continuously monitoring their network device configurations, they are in essence inherently trusting the operation of those devices. This practice is not only counter to Zero Trust principles, but it also is proving to be a very soft target for bad actors to exploit and to gain a foothold into sensitive government systems and data.”

About the Research
Titania commissioned an independent B2B research specialist, Coleman Parkes, to conduct the study. The firm surveyed 160 CIOs, Heads of Networks, Network Architects, and other experts across the U.S. federal government and other U.S. critical national infrastructure sectors (military, oil & gas, telecoms, and financial services), for comparison purposes. The survey asked how organizations currently detect and mitigate vulnerabilities in the specified part of the network. And how confident they are that devices always maintain a secure configuration. The full report can be downloaded here: https://info.titania.com/impact-of-exploitable-misconfigurations-federal.

About Merlin
Merlin is a powerful ecosystem of cybersecurity investment, innovation, technical expertise, and go-to-market acceleration with 25 years of experience working with the U.S. Public Sector. Through Merlin, federal civilian, defense, state, local and education customers access innovative cybersecurity solutions that have been strategically curated due to their ability to effectively meet public sector requirements and mission priorities. Merlin does this by selectively partnering with best-in-class cybersecurity brands, investing in visionary emerging technologies and accelerating growth and value creation for its partners. This enables the U.S. Public Sector to successfully keep ahead of today’s critical threats, accelerate modernization initiatives, and defend our nation. Learn more at merlincyber.com.

About Titania
Based in the UK and Arlington, VA, Titania delivers essential cybersecurity automation software to thousands of organizations, including 30+ federal agencies within the US government, global telcos, multinational financial institutions, and the world’s largest oil and gas companies. Specializing in the accurate security and compliance risk assessment and remediation for networking devices – firewalls, switches, and routers – Titania helps organizations defend their networks from preventable attacks by identifying configuration drift and prioritizing the remediation of their most critical risks first. The company is best known for its award-winning solution, Nipper, which also overlays its security risk findings onto RMF assessments to assure compliance for CDM, DISA RMF, NIST, CMMC, and PCI DSS. To meet the growing market need for continuous accurate risk and remediation prioritized assessments, Titania is now focusing on scaling Nipper for enterprises to support their zero trust security strategies. Visit Titania at www.titania.com

For more information, please contact:
CCgroup for Titania
Beth Fichtel/Cassandra Hegarty
T: +1 914.588.2695
E: titania@ccgrouppr.com


[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor slot gacor slot gacor situs toto situs toto cytotec toto slot situs toto situs toto toto slot situs toto situs toto slot gacor maxwin slot gacor maxwin link slot 10k slot gacor maxwin slot gacor slot pulsa situs slot 10k slot 10k toto slot toto slot situs toto situs toto situs toto bandar togel 4d toto slot toto slot