According to ExtraHop, the majority of global organizations expose sensitive and insecure protocols to the public internet, potentially increasing their attack surface.
The vendor scanned a range of enterprise IT environments to assess cybersecurity posture based on open ports and exposure to sensitive protocols.
It revealed that 64% of people surveyed have at least one device exposing SSH, which could allow attackers to probe it for remote access.
The research also found that more than a third (36%) of organizations expose at least one device through the insecure File Transfer Protocol (FTP), which sends files in plain text, meaning they can be easily intercepted.
More than two-fifths (41%) had at least one device exposing LDAP, which looks up user names in Active Directory. The protocol transmits requests in plain text, potentially compromising credentials.
Surprisingly, ExtraHop also found that 12% of organizations still have at least one device exposing Telnet to the public internet, even though the remote connectivity protocol has been deprecated since 2002.
SMB, which was notoriously targeted by WannaCry and other attacks, is another common security risk for businesses. More than half (51%) of healthcare organizations and 45% of SLED organizations had multiple devices exposing the protocol.
ExtraHop CISO Jeff Costlow described ports and protocols as “the gates and corridors” that attackers use to explore networks and launch attacks.
“That’s why it’s so important to know what protocols are running on your network and what vulnerabilities are associated with them,” he added.
“It gives defenders the knowledge to make an informed decision about their risk tolerance and take action, such as maintaining an ongoing inventory of software and hardware in an environment, patching software quickly and continuously, and investing in tools to get real-time insights and analytics – to improve their cybersecurity readiness.”