A new report on cybersecurity says that more than 2.3 billion files are exposed and publicly available by misconfigured and non-secured technologies such as remote servers (including printers), network storage devices, and Amazon S3 buckets (cloud service components similar to file folders).
To simplify it at the consumer level, that data includes customer data such as passport scans and bank statements, as well as business information like intellectual property -- basically any file that may be stored or shared on the internet.
Digital Shadows Photon Research Team is the one shining the light on that staggering number -- a statistic made even more mind-boggling because that 2.3 billion total is a 50 percent jump (750 million files) from last year’s analysis.
Maybe the most staggering consumer concern that the Photon Team uncovered was some 4.7 million personal, medical-related files are being left out in the open -- including patient records, X-ray scans, and physician’s notes. Health record data breaches are nothing new, but they are concerning nonetheless -- especially when the consumer counts on agencies like the Food and Drug Administration (FDA) and Department of Homeland Security (DHS) to prevent cybersecurity attacks on medical devices.
Mining for gold
All indications point to consumers’ favorite digital hooligans -- cybercriminals -- as the force lurking in the background and conducting this grab-and-run mission.
“It would appear threat actors are also attempting to monetize this exposure,” theorizes Harrison Van Riper, a Strategy and Research Analyst with Digital Shadows. “Within our data set, Photon detected … 17 million files had been held hostage by various ransomware variants.”
Data protection tips
The takeaway from this analysis is pretty simple: the consumer should always keep current backups and be prepared if and when a ransomware attack happens.
“Consumers should be aware that network-attached storage (NAS) drives or other types of file-sharing technologies may not come pre-configured with strong security controls, like a unique and complex password or port blocking to prevent remote access,” Riper said when ConsumerAffairs asked him what measures consumers can take to tighten down the clamps on their data.
“If these unsecured or misconfigured devices are then connected to the internet, potentially for looking at photos or files by the individual when they are away from home or at the office, this exposure point can be easily identified. Taking a look at the security controls and configuration settings should be the first step when deciding to use a storage service or buy a storage device.”