Misconfigurations continue to be a popular point of compromise — with routers taking the lead.
As per a recent study, 86% of participants have never altered their router admin password, and 52% have never modified any default settings. This creates an ideal opportunity for attackers to breach enterprise networks. Why go through the trouble of crafting phishing campaigns and stealing employee data when seemingly secure devices can be accessed using credentials like “admin” and “password”?
It’s high time for a reality check regarding router security.
Emerging vulnerabilities in routers
Routers facilitate the sharing of internet connection among multiple devices. Their main function is to direct traffic — internal devices are guided to external services through the most efficient route, while incoming data is directed to the appropriate destination.
If malicious actors successfully compromise routers, they gain control over both outbound and inbound traffic within your network. This exposes potential risks such as:
The clandestine nature of router attacks makes them challenging to detect. This is because cyber adversaries are not employing forceful methods to infiltrate routers or taking convoluted paths to evade security measures. Instead, they are exploiting neglected vulnerabilities to directly access routers, which helps them avoid triggering alarms.
Imagine a scenario where a router has “admin” as its login and no password. With a few basic guesses, attackers can infiltrate router settings without setting off a security alert, as they haven’t breached a network service or compromised an application. Essentially, they are gaining entry to routers just like your staff and IT teams.
Analysis of the disconnect in defensive measures
Organizations acknowledge the imperative need for strong cybersecurity. According to Gartner, investment in information security is projected to rise by 15% in 2025, reaching $212 billion. Common areas of investment include endpoint protection platforms (EPPs), endpoint detection and response (EDR), and the integration of generative AI (gen AI). However, routers often get overlooked.
For instance, 89% of respondents have not updated their router firmware, changed their default network name, or altered their Wi-Fi password. This poses a serious concern. A recent analysis revealed that common OT/IoT router firmware images were outdated and harbored exploitable N-day vulnerabilities. On average, open-source components were more than five years old and lagged four years behind the latest release.
In a case highlighted by GovTech, an assault on a water authority in Pittsburgh succeeded partly because the default password for its network was “1111”. Commonly used passwords like “password” and “123456” are also prevalent, with some routers having no passwords at all. Attackers generally require only the login credentials — the username is often “admin” — to gain full control of router functionalities.
Furthermore, router security is deteriorating rather than improving. In 2022, 48% of participants admitted to not adjusting their router settings, and 16% had never altered the admin password. Fast forward to 2024, and over 50% of routers still run on factory settings, with merely 14% changing their password.
Emphasizing expenditures on security tools while neglecting default configurations and firmware updates amounts to sealing the main doors while leaving the windows wide open.
Reducing misconfiguration errors
So, how can enterprises mitigate the risk of misconfiguration blunders?
The solution begins with the fundamentals: Regularly changing passwords, updating firmware, and ensuring routers are not left on default settings. Sounds straightforward? Absolutely. Commonplace? Not according to survey data.
In part, the disparity between router vulnerabilities and security realities is due to the abundance of cyberattacks. For instance, in 2023, 94% of companies faced phishing attacks, and as per the IBM Cost of a Data Breach Report for 2024, the average cost of a data breach has surged to $4.88 million, a 10% increase from 2023 and a record high. Consequently, cybersecurity teams are focused on defense and vigilant against prevalent attack mechanisms including phishing, smishing, and the usage of unauthorized “shadow IT” apps.
Consequently, routers might slip under the radar. The primary step in addressing this issue is establishing a regular update regimen. Every four to six months, mark a date for a router evaluation — add it to a shared calendar and ensure all security personnel are aware of the impending review. On the designated date, update firmware where possible and change the login credentials. It’s also prudent to set a weekly routine for reviewing router logs and traffic for anomalies or unexpected login attempts.
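The two routines described above (the periodic review of firmware, default settings and admin credentials, and the weekly check for unexpected login attempts) can be reduced to a small audit script. The example below is added here and is not code from IBM or from any router vendor; the syslog line format, the management subnet 10.10.0.0/24, the failure threshold, the review intervals and every inventory entry and log line are constructed assumptions for illustration.

```python
import ipaddress
import re
from datetime import date, timedelta

# Constructed sample router syslog lines (not captured from any real device).
# The format assumed here is "<timestamp> <host> <process>: <user> login <result> from <ip>".
SAMPLE_LOGS = """\
Jun 03 02:14:07 edge-rtr-01 httpd: admin login failed from 203.0.113.45
Jun 03 02:14:09 edge-rtr-01 httpd: admin login failed from 203.0.113.45
Jun 03 02:14:11 edge-rtr-01 httpd: admin login failed from 203.0.113.45
Jun 03 02:14:13 edge-rtr-01 httpd: admin login succeeded from 203.0.113.45
Jun 03 09:30:00 edge-rtr-01 httpd: admin login succeeded from 10.10.0.12
Jun 04 11:02:55 branch-rtr-07 httpd: admin login failed from 10.10.0.99
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) \S+: "
    r"(?P<user>\S+) login (?P<result>succeeded|failed) from (?P<src>\S+)$"
)

MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]  # assumed management subnet
FAIL_THRESHOLD = 3                                   # assumed: flag on the 3rd failure


def parse_logins(text):
    """Turn matching syslog lines into dicts; lines in another format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["src"] = ipaddress.ip_address(ev["src"])
            events.append(ev)
    return events


def review_logins(text, mgmt_nets=MGMT_NETS, fail_threshold=FAIL_THRESHOLD):
    """Weekly log review: flag failure bursts per (router, source) and any
    successful admin login that did not come from the management subnet."""
    findings = []
    failures = {}
    for ev in parse_logins(text):
        key = (ev["host"], ev["src"])
        in_mgmt = any(ev["src"] in net for net in mgmt_nets)
        if ev["result"] == "failed":
            failures[key] = failures.get(key, 0) + 1
            if failures[key] == fail_threshold:
                findings.append(
                    f"{ev['host']}: {fail_threshold} failed {ev['user']} logins from {ev['src']}"
                )
        elif not in_mgmt:
            findings.append(
                f"{ev['host']}: {ev['user']} login from outside management subnet: {ev['src']}"
            )
    return findings


REVIEW_INTERVAL = timedelta(days=180)   # roughly the six-month cadence from the text
FIRMWARE_MAX_AGE = timedelta(days=365)  # assumed acceptable firmware age
AUDIT_DATE = date(2025, 6, 5)           # constructed "today" so results are reproducible

# Constructed inventory; the fields are exactly what the periodic review checks.
SAMPLE_INVENTORY = [
    {"host": "edge-rtr-01", "firmware_date": date(2024, 11, 2),
     "password_changed": date(2025, 1, 15), "defaults_changed": True},
    {"host": "branch-rtr-07", "firmware_date": date(2021, 5, 20),
     "password_changed": None, "defaults_changed": False},
]


def audit_inventory(inventory, today, review_interval=REVIEW_INTERVAL,
                    firmware_max_age=FIRMWARE_MAX_AGE):
    """Periodic review: report routers still on factory defaults, with a never-changed
    or stale admin password, or with firmware older than the allowed age."""
    findings = []
    for r in inventory:
        if r["password_changed"] is None:
            findings.append(f"{r['host']}: admin password never changed from factory default")
        elif today - r["password_changed"] > review_interval:
            findings.append(f"{r['host']}: admin password older than {review_interval.days} days")
        if not r["defaults_changed"]:
            findings.append(f"{r['host']}: still on factory default settings")
        if today - r["firmware_date"] > firmware_max_age:
            findings.append(f"{r['host']}: firmware older than {firmware_max_age.days} days")
    return findings


if __name__ == "__main__":
    for line in review_logins(SAMPLE_LOGS) + audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE):
        print(line)
```

On the constructed data the log review flags the three rapid failures against edge-rtr-01 and the successful admin login that followed from the same non-management address, while the single failure from inside the management subnet is not reported; the inventory audit flags branch-rtr-07 on all three counts and passes edge-rtr-01. In practice the inventory would come from the automated discovery the next section describes, and the log lines from the routers' syslog export, with the regular expression adjusted to each vendor's format.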
Enhancing security measures
While adhering to basic cyber hygiene helps to mitigate the risk of router assaults, fortifying security necessitates a more comprehensive approach.
The primary step revolves around pinpointing and securing every router on the network. Given the intricate nature of corporate networks, employing automation stands out as the most efficient method to achieve this. Solutions like IBM SevOne Automated Network Observability offer ready-made workflow templates for IT teams to identify connected devices, gather performance data, and make informed decisions.
Organizations must also contemplate the response framework when a router breach occurs. Despite the diligent efforts of security teams, the escalating number of endpoints only increases the likelihood of attackers finding unprotected routers or circumventing existing defenses.
An efficient response hinges on efficient incident management. Tools such as IBM Instana deliver full-stack visibility, one-second granularity, and a three-second notification window, ensuring teams have the necessary information promptly to minimize security vulnerabilities.
In essence, failing to monitor and update router settings can pave the way for exploitation. To tackle this challenge, teams require a recalibration of router security. By amalgamating best practices in security hygiene with intelligent automation solutions, organizations can effectively keep unauthorized intruders outside protected networks.
The escalating threat of router intrusions, paired with unrealistic anticipations, poses intricate hurdles for security teams. The solution? Augmented observability. Learn more about IBM Instana and how it can provide support.