According to a recent report, over 70 billion unprotected files are currently freely available and accessible on unsecured web servers.
The 2023 State of the External Attack Surface: Annual Threat Trends Analysis Report was released last week by CybelAngel. The report highlights the critical paths hackers will take to get to their target, as well as trends in cybercrime, key areas of data risk, and a breakdown of exposures by industry.
The findings from the 2023 External Attack Surface Report reveal that exposures outside of an organization’s firewall are the greatest source of cybersecurity threats. Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data, and credentials, have proven to be an increasing challenge for organizations to detect and secure.
Among exposures, CybelAngel found:
- 87% of all detected threats are from third-party or malicious actors.
- Almost 1 in 10 (9%) of all detected internet-facing assets had an associated unpatched vulnerability. The top 10 CVEs were found unpatched at least 12 million times each.
- More than 70 billion unprotected files, including intellectual property and financial information, are currently freely available and accessible on unsecured web servers.
The top three exposed industries are:
- Retail, with a disproportionately high number of malicious domains and many vulnerabilities detected in their assets.
- Telecommunications, which ranked notably high in many of the risk areas we examined—open ports, unsecured databases, sensitive documents, leaked credentials, and dark web activity.
- Business Services: Business Services were overrepresented in dark web activity and the number of malicious domains.
The 52-page PDF report is available here with additional trends and predictions. Check it out!
So, what do you think? Are you surprised that there are 70 billion unprotected files out there? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.