Some 400,000 servers belonging to 1,500 companies audited in a recent study of attack surfaces were left exposed and discoverable over the internet, security provider Zscaler found in a new report.
Nearly 50 percent of those servers supported outdated and vulnerable protocols, Zscaler said in its “Exposed” report, which it is hailing as the industry’s first global examination of the state of corporate attack surfaces. Public clouds posed a particular risk of exposure, with more than 60,500 exposed instances found across Amazon Web Services (AWS), Microsoft Azure Cloud, and Google Cloud Platform (GCP), the San Jose, California-based company said.
Given the rapid shift to remote working forced by the pandemic, it is no surprise that businesses saw their attack surfaces increase. Coupled with greater reliance on public cloud services and vulnerable enterprise VPNs, large organizations not using zero trust security became more vulnerable to network intrusion attacks, Zscaler’s report said.
“The sheer amount of information that is being shared today is concerning because it is all essentially an attack surface,” said Nathan Howe, Zscaler emerging technology vice president.
More data from the study by region:
- Zscaler’s study spans 53 countries worldwide, 59 percent of which are based in the Americas.
- International companies with more than 20,000 employees have more vulnerable attack surfaces due to their distributed workforce, infrastructure and greater number of applications that need to be managed.
- EMEA led the world in overall exposure and potential risk with 164 common vulnerabilities and exposures (CVEs).
- EMEA-based businesses had the most exposed servers, with an average of 283 exposed servers and 52 exposed public cloud instances each. They were also more likely to support outdated SSL/TLS protocols and had greater risk of CVE vulnerabilities on average.
- The EMEA region was followed by the Americas with 132 CVEs. APAC had an average of 80 possible CVE vulnerabilities.
- Of 23 different industries tracked, telecommunications was the most vulnerable and had the highest average number of outdated protocols in its servers. Telecom companies had the third-highest average number of servers exposed to the internet.
- The hospitality industry, including restaurants, bars, and food service, had AWS instances exposed three times more often than those of any other cloud provider.
Cybersecurity Recommendations for MSSPs, IT Professionals
Zscaler recommended companies take these measures to mitigate risk:
1. Minimize attack surfaces. Without comprehensive security measures, such as a zero trust model, digital transformation initiatives and cloud migration efforts can also create new vectors of attack and threaten business continuity, professional reputation and employee safety.
2. Know your exposure. Knowing your visible attack surface is key to effective risk mitigation. As companies move more applications to the cloud, know your network access points that are exposed to the internet. If your employees can find it, so can cyber attackers.
3. Know your potential vulnerabilities. Stay current with the latest updates to the CVE database. Remove support for older TLS versions from servers to reduce risk.
4. Adopt practices that minimize risk. Choose technologies that provide visibility into IT and cloud infrastructure and implement zero trust.
"By understanding their individual attack surfaces and deploying appropriate security measures, including zero trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems, or hold networks hostage for ransom,” Howe said.