A router manages IT networking traffic, connecting different equipment like PCs, printers, and servers, and allowing them to communicate with each other, as well as accessing external networks, especially the Internet.
The problem is one of “out of sight, out of mind”. Routers are installed, then forgotten.
Security is often only basic, updates are rarely or never performed. The router by its very nature offers direct routes to all equipment connected to it, a mouth-watering prospect for a hacker. Yet small businesses may not be the only ones in peril.
Enterprises often struggle with updating more visible devices such as PCs and mobile computing devices. So, it is no surprise that a router hidden away in a wiring closet or under somebody’s desk receives even less attention.
Router manufacturers have been criticised for offering only scant security.
In February 2017, the U.S. Federal Trade Commission went as far as to file a complaint against well-known router vendor D-Link, based on “inadequate security measures” that left users of D-Link’s wireless routers at risk.
However, even users of high-end routers may be menaced by hackers, if recent reports made public by WikiLeaks are accurate.
The information in the reports alleges that the CIA listed many possible attacks against routers from Cisco and HP, among other router manufacturers, and even designed spy software to work in the routers with minimal effects on performance, to prevent detection.
Experts seem pessimistic about the short-term outlook for improving router security, pointing to a lack of initiatives or interest from vendors in this area.
In the meantime, businesses may have few other options than to reinforce the security of the individual devices and machines attached to routers, and to ensure that all data, whether at rest in storage, or in motion flowing through routers, is encrypted to prevent data snooping and theft.