Misconfigurations stay a preferred compromise level — and routers are main the best way.
In accordance with latest survey knowledge, 86% of respondents have by no means modified their router admin password, and 52% have by no means adjusted any manufacturing unit settings. This places attackers within the excellent place to compromise enterprise networks. Why put the effort and time into creating phishing emails and stealing employees knowledge when supposedly safe units may be accessed utilizing “admin” and “password” as credentials?
It’s time for a router actuality verify.
Rising router dangers
Routers enable a number of units to make use of the identical web connection. They accomplish this objective by directing visitors — inside units are routed alongside essentially the most environment friendly path to outside-facing providers, and incoming knowledge is distributed to the suitable endpoint.
If attackers handle to compromise routers, they will management each what comes out of and what goes into your community. This introduces dangers akin to:
The character of router assaults additionally makes them onerous to detect. It is because cyber criminals aren’t forcing their approach into routers or taking circuitous routes to evade security defenses. As a substitute, they’re profiting from ignored weak spots to entry routers immediately, which implies they aren’t elevating purple flags.
Contemplate a router with “admin” because the login and no password. Just a few easy guesses get attackers into router settings with out triggering a security response since they haven’t breached a community service or compromised an utility. As a substitute, they’ve accessed routers the identical approach as employees and IT groups.
Discover IBM Instana
Exploring the defensive disconnect
Corporations acknowledge the necessity for strong cybersecurity. In accordance with Gartner, spending on info security will develop 15% in 2025 to succeed in $212 billion. Widespread funding areas embody endpoint safety platforms (EPPs), endpoint detection and response (EDR) and the combination of generative AI (gen AI). Routers, nonetheless, are sometimes ignored.
For instance, 89% of respondents have by no means up to date their router firmware. The identical quantity have by no means modified their default community identify, and 72% have by no means modified their Wi-Fi password.
That is problematic. A latest report discovered that in style OT/IoT router firmware photographs had been outdated and contained exploitable N-day vulnerabilities. The report discovered that, on common, open-source parts had been greater than 5 years outdated and had been 4 years behind the newest launch.
As famous by GovTech, in the meantime, an assault on a Pittsburgh-area water authority succeeded partly as a result of the default password to its community was “1111”. Different frequent passwords embody “password” and “123456;” in some circumstances, routers haven’t any passwords. All attackers want is the login credential — which is usually “admin” — and so they have full entry to router capabilities.
Much more telling is the truth that router security is getting worse, not higher. Contemplate that in 2022, 48% of respondents stated that they had not adjusted their router settings, and 16% had by no means modified the admin password. In 2024, over 50% of routers had been nonetheless operating on manufacturing unit settings, and simply 14% had modified their password.
By spending extra on security instruments however not altering default configurations or updating router firmware, companies are closing the doorways however leaving the home windows extensive open.
Minimizing misconfiguration errors
So, how do corporations decrease the chance of misconfiguration errors?
It begins with the fundamentals: Change passwords recurrently, replace firmware and make sure that routers aren’t left on manufacturing unit settings. Easy? Completely. Widespread? As survey knowledge signifies, not a lot.
Partly, the disconnect between router dangers and security realities stems from the sheer quantity of cyberattacks. For instance, 2023 noticed 94% of corporations hit by phishing assaults, and as famous by the IBM Value of a Data Breach Report 2024, the common price of a data breach is now $4.88 million, up 10% from 2023 and the best ever reported. This places cybersecurity groups on the defensive and on excessive alert for frequent assault vectors akin to phishing, smishing and using “shadow IT” purposes that haven’t been vetted or accredited.
In consequence, routers can slip via the cracks. Step one in fixing this downside is creating a daily replace schedule. Each 4 to 6 months, schedule a router evaluation — put it in a shared calendar, and ensure all security employees realize it’s going to occur. When the designated day comes, replace firmware the place potential and alter login and password particulars. It’s additionally price establishing a weekly schedule to evaluation router visitors for any odd behaviors or surprising login requests.
Shoring up security
Whereas fundamental cyber hygiene helps decrease the chance of router assaults, shoring up security requires a extra in-depth strategy.
Step one is discovering and securing each router in your community. Given the more and more advanced nature of enterprise networks, the simplest option to accomplish this objective is by utilizing automation. Options akin to IBM SevOne Automated Community Observability present pre-built workflow templates for IT groups to determine linked units, acquire efficiency knowledge and make data-driven choices.
Corporations additionally want to contemplate what occurs when a router compromise happens. Regardless of finest efforts by security groups, the rising variety of finish factors means it’s solely a matter of time till attackers handle to search out unprotected routers or circumvent present defenses.
Efficient response requires efficient incident administration. Options akin to IBM Instana supply full-stack visibility, one-second granularity and three seconds to inform, giving groups the data they want once they want it to scale back security dangers.
Backside line? Failure to watch and replace router settings can open the door to compromise. To unravel the issue, groups want a router actuality verify. By combining security hygiene finest practices with clever automation options, enterprises can hold unauthorized customers the place they belong: 0utside protected networks.
The rising danger of router assaults, paired with a rising listing of unreasonable expectations, creates advanced challenges for security groups. The answer? Unreasonable observability. Be taught extra on IBM Instana and the way it might help.