Digital Shadows, a company specializing in digital risk analysis management και στη διερεύνηση απειλών των πληροφοριών. Η εταιρεία κυκλοφόρησε σήμερα μια έρευνα που σκιαγραφεί την τεράστια κλίμακα των διαρροών ευαίσθητων data businesses and consumers.
"The volume of data should be a major cause of concern for any security and privacy-conscious organization. Furthermore, with the rapid implementation of GDPR, there will be clear regulatory implications for any organization that stores data of EU citizens. "
During the first three months of 2018, Digital Shadows researchers detected over 1,5 billion (1,550,447,111) available archives σε ανοικτά dupms υπηρεσιών: Amazon Simple Storage Service (S3), rsync, διακομιστές SMB, FTP servers, λάθος διαμορφωμένους ιστότοπους και μονάδες δίσκου NAS (Network Attached Storage).
This number corresponds to over twelve petabytes (12.000 terabytes) of data. For those who didn't understand 12 peta of data is freely circulating on the internet. To give you an idea of the size, the number is over four thousand times larger than the 'Panama Papers' leak which was 2,6 terabytes.
The most common data found to circulate were payroll records and tax returns (700.000 and 60.000 files respectively).
However, consumers are also at risk from the exposure of 14.687 incidents of patient information leakage. In one case, the data included information from points of sale where there were recorded transactions, and some data credit cards.
Interestingly, though, although we would all expect most leaks to come from Amazon S3's incorrect settings, in the Digital Shadows study, service leaks account for only the 7% of the exposed data found.
On the contrary, services such as SMB (33 percent), rsync (28 percent) and FTP (26 percent) contributed to the largest information report. These technologies may be old, but they are still widely used.
The leaks also uncovered highly sensitive data, such as a renewable energy patent abstract that was labeled "strictly confidential." Another example involves a document containing proprietary source code submitted for copyright.
Rick Holland, head of the Digital Shadows Information Security, says:
"While we often try to respond to intruders entering our environment and intercepting our data, we do not focus on our external digital footprints and the data that is already publicly available through services that are not secure."
Read the entire Digital Shadows survey, from here.
- Facebook: Beyond advertising you are the product
- DNS: how to find the fastest DNS resolvers for your system
