Large companies are leaving easy-to-exploit systems exposed on the public Internet, raising the risk of a serious future compromise, according to data from two cybersecurity firms.
Rapid7 found that the average Fortune 500 firm had approximately 500 servers and devices connected to the Internet, with five to 10 systems exposing Windows file-sharing or Telnet services. Fifteen out of the 21 industry sectors on which Rapid7 collected data had at least one member allowing public access to a Windows file-sharing service.
These simple-to-spot oversights suggest that companies do not have adequate control over what systems are connected to the public network, says Tod Beardsley, research director of Rapid7, which published a report last week on its findings.