A recent report from cybersecurity firm Palo Alto Networks found that more than 23% of exposed internet connections within organizations involve critical IT and security infrastructure, making them vulnerable to cyberattacks.
These exposures include vulnerabilities in several application layer protocols, including Simple Network Management Protocol, Network Basic Input/Output System and Point-to-Point Tunneling Protocol, and may also include vulnerabilities in internet-accessible administrative login pages of routers, firewalls, virtual private networks and other core network and security appliances, the report said.
The report examined the state of the attack surface of 265 organizations based on observable data about exposures and vulnerabilities publicly available on the internet.
Tracking and protecting assets is a significant challenge for organizations, as the report revealed that over the past year, attackers most often gained initial access by exploiting software vulnerabilities, with the largest attack campaigns exploiting internet-facing systems.
Changes in the attack surface can lead to risk. Palo Alto Networks has found that the attack surface across industries is constantly changing. Research has shown that, on average, more than 300 new services are added to an organization’s attack surface every month. These additions alone account for approximately 32% of new high or critical risks to organizations.
According to the report, the media and entertainment industry is adding new services at the highest rate, exceeding 7,000 per month. Industries such as communications, insurance, pharmaceuticals and life sciences are adding more than 1,000 new services per month. Critical industries such as financial services, healthcare and manufacturing are adding more than 200 new services per month.
The top six most commonly targeted industries in 2024 were professional and legal services, high technology, manufacturing, healthcare, finance, and wholesale and retail. Together, these industries accounted for 63% of incidents.
To identify and address risk across their attack surface, the report recommends that organizations continually and comprehensively scan ports, services, and devices. Organizations should also monitor for unauthorized services and shadow IT, and regularly check perimeter resources to distinguish between expected and unknown or out-of-scope assets.
Significant exposure risks must be remediated in real time as soon as they are detected, and organizations must have processes and technology in place to help security teams identify, communicate, track and automate remediation wherever possible, the report noted.
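The comparison of expected against unknown perimeter assets that the report recommends can be sketched as a diff between an approved inventory and the latest scan results. This is an added example, not code from the report or from Palo Alto Networks; the `host proto/port` input format, the function names and the sample data are assumptions, and the port numbers are the IANA assignments for the protocols the report names.

```python
from dataclasses import dataclass

# IANA well-known ports for the protocols named in the report.
NAMED_PROTOCOLS = {
    ("udp", 161): "SNMP",
    ("udp", 137): "NetBIOS",
    ("udp", 138): "NetBIOS",
    ("tcp", 139): "NetBIOS",
    ("tcp", 1723): "PPTP",
}

@dataclass(frozen=True, order=True)
class Service:
    host: str
    proto: str
    port: int

def parse(text):
    """Parse 'host proto/port' lines, ignoring blanks and # comments."""
    services = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        host, spec = line.split()
        proto, port = spec.lower().split("/")
        services.add(Service(host, proto, int(port)))
    return services

def review(baseline, observed):
    """Split one scan into unknown, no-longer-seen and named-protocol services."""
    named = [(NAMED_PROTOCOLS[(s.proto, s.port)], s)
             for s in observed if (s.proto, s.port) in NAMED_PROTOCOLS]
    return {
        "unknown": sorted(observed - baseline),   # candidates for shadow IT
        "not_seen": sorted(baseline - observed),  # stale inventory entries
        "named": sorted(named),                   # flagged even if approved
    }

# Constructed sample data (documentation addresses and example.com hosts).
BASELINE = "vpn.example.com tcp/443\nwww.example.com tcp/443\nmail.example.com tcp/25\n"
OBSERVED = ("vpn.example.com tcp/443\nwww.example.com tcp/443\n"
            "192.0.2.10 udp/161  # not in inventory\n"
            "192.0.2.11 tcp/1723\n203.0.113.5 tcp/8443\n")

if __name__ == "__main__":
    for kind, items in review(parse(BASELINE), parse(OBSERVED)).items():
        print(kind, items)
```

Run after each scan, the `unknown` list is the month-over-month growth in services that the report measures, and the `named` list is reported regardless of inventory status because those protocols should not normally be reachable from the internet.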