Critical IT, Security Services Dangerously Exposed To Internet: Report
For identifying and responding to attack surface risks, organisations must conduct continuous, comprehensive scans of their ports, services and devices.
Over 23% of internet-connected exposures in organisations involve critical IT and security infrastructure, making them vulnerable to cyberattacks, according to a recent report by cybersecurity company Palo Alto Networks.
These exposures include vulnerabilities in several application-layer protocols, including simple network management protocol, network basic input/output system and point-to-point tunnelling protocol. It can also include vulnerabilities in internet-accessible administrative login pages of routers, firewalls, virtual private networks and other core networking and security appliances, the report said.
The report explored the attack surface landscape of 265 organisations, based on observable data on exposures and vulnerabilities that are publicly accessible over the internet.
Tracking and protecting assets is a critical challenge for organisations. The report revealed that in the past year, attackers most often gained initial access through software vulnerabilities, with the largest attack campaigns exploiting internet-facing systems.
Change in attack surfaces can lead to exposure. Palo Alto Networks observed that attack surfaces across industries are always changing. Research indicated that, on an average, an organisation’s attack surface had over 300 new services every month. These additions alone account for nearly 32% of new high or critical exposures for organisations.
According to the report, the media and entertainment industry experienced the highest rate of new services added, exceeding 7,000 per month. Sectors like telecommunications, insurance, pharma and life sciences added over 1,000 new services every month. Critical industries like financial services, healthcare and manufacturing added over 200 new services monthly.
In 2024, the top six commonly targeted industries were professional and legal services, high technology, manufacturing, healthcare, finance, and wholesale and retail. Together, these industries accounted for 63% of cases.
For identifying and responding to attack surface risks, organisations must conduct continuous, comprehensive scans of their ports, services and devices, the report recommended. Organisations must also monitor unsanctioned services or shadow IT and regularly check perimeter resources to distinguish between expected assets and unknown or out-of-scope ones.
Once detected, critical exposure risks must be remediated in real time. Organisations must have processes and technology to assist security teams in identifying, communicating, tracking and automating remediation where possible, the report noted.
