80 percent of security exposures involve misconfigurations
A new report based on data gathered from over 40 million exposures presenting high-impact risks to millions of critical business entities, finds that identity and credential misconfigurations represent 80 percent of security exposures across organizations.
The report, from exposure management specialist XM Cyber based on data analyzed by the Cyentia Institute, shows a third of these exposures put critical assets at direct risk of breach -- an attack vector actively being exploited by adversaries.
Misconfigurations leave internet-facing servers open to attack
Issues with server configuration remain a major problem. Researchers at Censys have identified over 8,000 hosts on the internet misconfigured to expose open directories.
These directories contain potentially sensitive data, such as database information, backup files, passwords, Excel worksheets, environment variables, and even some SSL and SSH private keys. Exposure of these types of data in such an accessible manner can offer threat actors an easy way into an organization's network.