top of page

A Misconfigured IT setting - Common data security mistake which are being repeated again and again

White Hat Security explained a misconfigured IT setting as follows:-

Many servers come with unnecessary default and sample files, including applications, configuration files, scripts, and webpages. They may also have unnecessary services enabled, such as content management and remote administration functionality. Debugging functions may be enabled or administrative functions may be accessible to anonymous users. Servers may include well-known default accounts and passwords. Failure to fully lock down or harden the server can leave improperly set file and directory permissions.

In a recent breach in the US, a clearinghouse and cloud software services provider based in Puerto Rico reported that due to a misconfiguration, an incident of an "unauthorized access /disclosure" breach happens that involved a network server impacting 1.56 million individuals.

It appears that these types of mishaps are becoming increasingly common. Some experts claimed that with today's technology that is becoming more and more complex and also quicker and easier to deploy, it creates an environment in which it is very easy to quickly deploy an improperly and/or insecurely configured solution.

In the above case, the company apparently did not report the breach. Authorities only got to know the breach when they received several consumer complaints about receiving multiple letters from the organisation, including some letters misaddressed to other people.

Why mishaps involving misconfigured IT settings or coding have been a common source of breaches?

Apparently, often the root cause of the misconfiguration of web servers, firewalls, and file transfer protocol sites are lack of policies and procedures for changes to information systems when applying patches and updates that result in to applications or hardware, which interferes with information security technologies that had been put into place to safeguard sensitive data.

Don't wait until you had an incident.


bottom of page