A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking Cyber Risk and Readiness report has shown. Whether intentional or accidental, these exposures broaden the attack surface of any organization by providing cyberattackers an easy entry point into the network.
Since the Russian invasion of Ukraine, governments and security experts around the world have noticed a significant increase in cyberattack activity. The Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies such as ENISA, CERT-EU, ACSC, and SingCERT have strongly encouraged enterprises to focus on strengthening their overall security postures, starting with reducing the likelihood of a damaging cyber intrusion. One key recommendation made by these agencies is that organizations disable all unnecessary or insecure ports and protocols.
For the new report, ExtraHop analyzed enterprise IT environments to benchmark organizations' cybersecurity posture based on open ports and sensitive protocol exposure. Security and IT leaders can use the results to assess their risk posture and attack surface visibility relative to other organizations.
Insecure protocols exposed
SSH is the most exposed sensitive protocol: Secure Shell (SSH) is a well-designed protocol with good cryptography for securely accessing remote devices. It is also one of the most widely used protocols, making it a favorite target for cybercriminals looking to access and control devices across an enterprise. Sixty-four percent of organizations have at least one device exposing this protocol to the public internet.
LDAP exposure is high: Lightweight