The term “cyberattack” brings to mind malware, social engineering, network vulnerabilities or unpatched endpoints. But how do malicious actors manage to unleash their attack kill-chain in the first place? What is it that opens the gates to exploiting a weakness and breaching the infrastructure? With human error behind most successful attacks, perhaps we should look not beyond these culprits, but behind them.
Misconfigurations are a common cybersecurity gap. Security experts agree that configuration errors in privileges, endpoint settings, internet settings, risky services needlessly enabled, and bad access control configurations are leading causes of cybersecurity incidents, especially in small and medium business environments like the ones protected by managed service providers (MSPs).
Misconfigurations enable bad actors to abuse IT administrators’ oversights within days, hours, and even minutes in some cases. If it takes longer than a day to fix a system misconfiguration, adversaries have the leverage they need to deploy a full-fledged attack and penetrate the targeted infrastructure in what first looked like a very small window of opportunity.
More than a quarter of organizations cite configuration management as one of the greatest challenges in securing endpoint devices. In fact, endpoint misconfiguration represents 27% of the threat entry points exploited by attackers.
Security teams are overwhelmed with reactive, repetitive tasks such as vulnerability management, incident triage and patching. Therefore, security misconfigurations are a lucrative attack avenue – bad actors know IT engineers who lack automation are always kept on their toes. Security teams require the means to assess risk and rapidly remediate configuration issues without disruption to IT systems.
“Why are security misconfigurations a common attack vector? Because bad actors know IT engineers typically lack automation and they are always on their toes, scooping out water from a leaking boat,” says Bogdan Botezatu, Director of Threat Research and Reporting, Bitdefender.
Misconfigurations are a granular affair, which means IT reps are constantly overburdened. Examples are plentiful: unintended default accounts using default credentials. Open, unnecessary ports. User Account Control (UAC) is insecure or disabled. Advanced protection is disabled. Automatic login is, dangerously, enabled or no-autorun settings are disabled. Insecure guest logon is enabled and, of course, misconfigured privileges abound.
Based on up-to-date telemetry, Bitdefender has released a free whitepaper that looks at the top 5 areas where IT departments like those operated by MSPs struggle with misconfigurations. Highlights include:
Learn how to enable your security team to plug these holes efficiently, with minimal effort and no impact on business operations. Download our free whitepaper: “Top 5 Endpoint Misconfigurations That Open Security Gaps.”
For more details on how MSPs can better manage endpoint configuration risks, tune in to this webinar.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.