May 30, 2019 SOURCE: PR NewsWire

Digital Shadows Reveals a 50% Increase in Exposed Data in One Year

LONDON and SAN FRANCISCO, May 30, 2019 /PRNewswire/ -- Digital Shadows, the leader in digital risk protection, today unveiled the findings of a new report from its Photon Research Team, "Too Much Information: The Sequel," assessing the scale of inadvertent global data exposure. The team's research revealed the exposure of 2.3 billion files across online file stores, including customer data such as passport scans and bank statements, as well as business information, such as credentials to company systems.

The exposure represents an increase of over 750 million files since the same study was carried out by Digital Shadows in 2018 - more than a 50% annual increase. The exposure - including 326 million records from the US, 98 million from the UK and 121 million from Germany - could put many companies in breach of GDPR regulation, which became effective one year ago. This is leaving them at risk of EUR20 million ($22 million) in fines / 4% of global turnover for failure to adequately protect the data of their customers.

The cause of this data exposure is due to the misconfiguration of commonly used file storage technologies. Nearly 50% of the files (1.071 billion) were exposed via the Server Message Block protocol - a technology for sharing files first designed in 1983. Other misconfigured technologies including FTP services (20% of total), rsync (16%), Amazon S3 'buckets' (8%) and Network Attached Storage devices (3%) were cited as additional sources of exposure.

Photon Research Team warned that risks to organizations as a result of this exposure are severe. Not only are the ramifications of data privacy laws like GDPR significant, the exposed data gives attackers everything they need to launch personalized attacks targeting their customers, employees, and third parties. For instance, over 17 million exposed files have been encrypted by ransomware, 2 million of which by the recently discovered 'NamPoHyu' variant. Businesses have likely been impacted by these ransomware attacks and may not be aware. In another example, a small IT consulting company in the UK was found to be exposing 212,000 files, many of which belonged to their clients, with password lists kept in plain text. This is a prime example of organizations trusting third parties with their data and not have visibility when those third parties fail to keep them secure.

The risks to individual consumers are high as well. With the wealth of data exposed by organizations who trust them to keep it secure, attackers can easily use that information to execute targeted attacks against the individuals themselves. For example, the research found an open FTP server containing everything an attacker would need to conduct identity theft - including job applications, personal photos, passport scans, and bank statements. The team also found 4.7 million exposed medical-related files, the majority of which were DICOM (DCM) medical imaging files, including x-rays and other health-related imaging scans. With GDPR regulations in effect, and data privacy laws tightening around the world, consumers impacted by this exposure have more power than ever to act against the organizations who allowed their data to be exposed in the first place.

While overall file exposure has increased, the Photon Team reported a sharp decline in data exposed by Amazon S3 'buckets.' In November 2018, Amazon introduced 'Amazon S3 Block Public Access,' which provided more extensive security controls for its services. The Photon Research Team noted that since November (when there were just over 16 million exposed files) the number of S3 storage files exposed today has decreased to just 1,895 open buckets - a noticeable improvement for a service widely used by organizations across the globe.

Harrison Van Riper, a Photon Research analyst, commented: "Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant. Countries within the European Union are collectively exposing over one billion files - nearly 50% of the total we looked at globally - some 262 million more than when we looked at last year. Some of the data exposure is inexcusable - Microsoft has not supported SMBv1 since 2014, yet many companies still use it. We urge all organizations to regularly audit the configuration of their public facing services."

Digital Shadows is advising organizations to take the following precautions:

    --  Use Amazon S3 Block Public Access to limit public exposure of buckets
        which are intended to be private. Enable logging through AWS to monitor
        for any unwanted access or potential exposure points.
    --  Disable SMBv1, and for systems which require the protocol, update to
        SMBv2 or v3. IP whitelisting should be used to enable only those systems
        that are authorized to access those shares, are indeed the only ones
        accessing those shares.
    --  If rsync is only used internally, disable port 837 to disallow any
        external connections. Encrypting all communications to and from rsync
        storage will also decrease potential exposure points.
    --  Use Secure FTP (SFTP) as an update to FTP (which is over 30 years old)
        which adds SSH encryption to the protocol.
    --  As with FTP servers, network attached storage (NAS) drives should be
        places internally behind a firewall and implement access control lists
        to prevent unwanted access.

For further details, read Digital Shadows' blog announcement of the research.

ABOUT DIGITAL SHADOWS

Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight(TM) helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more, visit www.digitalshadows.com.

MEDIA CONTACT:
Dex Polizzi
Lumina Communications on behalf of Digital Shadows
(646) 741-8358
ds@luminapr.com

View original content:http://www.prnewswire.com/news-releases/digital-shadows-reveals-a-50-increase-in-exposed-data-in-one-year-300858616.html

SOURCE Digital Shadows

Related News

Quantum's StorNext Software Makes Cloud Content More Accessible, Speeds Data Retrieval

Komprise Intelligent Data Management Drives Down Costs of Public Cloud by over 40%

Wave Computing Files for Chapter 11 Protection

Micro Focus Introduces File Analysis Suite to Reduce Risk Associated with Global Data Privacy Regulations

Qumulo Introduces New Suite of Data Services to Radically Simplify File Data Management at Scale

Pure Storage Unveils Purity 6.0 for FlashArray, Delivering Agile Data Services to Enable the Modern User Experience

CTERA Extends the Global File System to DevOps

Scale Computing Offers Acronis Cloud Storage, Expands Storage Options for Enhanced Data Backup, Disaster Recovery, and Ransomware Mitigation

View all News

Related Procurements

Scanning services

The LG patient record comprises of the LG envelope and the contents, which is an important part of the patient’s historical medical record. Each Lloyd George envelope has a broad...

Library equipment

This Pre-market engagement process is in advance of the expiration of the CPC framework for Library Resources which expires 08/10/2024. The scope is expected to cover books, eBooks, audio books,...

Deadline: Jun 30, 2024

Health and social work services

The Council invites Suppliers to join a Light Touch Regime Dynamic Purchasing System (LTR DPS) for Supported Living Services for Individuals with a Learning Disability, Autistic Spectrum Conditions and/or Mental...

View all Procurementsp