New research released by digital risk protection specialists Digital Shadows has revealed a 50% increase in exposed data in the last year.
In its report Too Much Information: The Sequel from its Photon Research Team, Digital Shadows discovered that misconfiguration of commonly used file storage technologies was largely to blame for the exposure of 2.3 billion online files in one year. That is a jump of more than 750 million files since the same study was carried out by Digital Shadows in 2018.
Almost half of the files were exposed via the Server Message Block (SMB) protocol, whilst other technologies such as FTP services (20%), rsync (16%), Amazon S3 ‘buckets’ (8%) and network storage devices (3%) were also cited by Digital Shadows as sources of exposure.
Speaking to Infosecurity, Harrison Van Riper, Photon Research analyst at Digital Shadows, said: “It is surprising to see such a large increase in such a short amount of time, indicating that the issue of inadvertent data exposure is not one to be taken lightly.”
However, it is not just the sheer amount of data exposed in the last 12 months, or even the means by which it was exposed, that causes concern; the sensitivity of the exposed data is also a significant issue. Digital Shadows warned that, with exposed data including passport details, bank records, medical and business information, organizations and individual consumers are at greater risk of GDPR punishments, targeted business compromise, identity theft and ransomware attacks.
“Every day, there are new files being exposed that are potentially sensitive personal or private information for businesses and consumers alike,” Van Riper added. “Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant. Countries within the European Union are collectively exposing over one billion files – nearly 50% of the total we looked at globally – some 262 million more than when we looked at last year. Some of the data exposure is inexcusable – Microsoft has not supported SMBv1 since 2014, yet many companies still use it. We urge all organizations to regularly audit the configuration of their public facing services.”