Petabytes of data exposed online by unchanged default settings

Research from BinaryEdge into the use of default settings has found that thousands of servers are exposed to unauthorised access on the Internet.

The study examined only four popular technologies – Redis, MongoDB, Memcached and ElasticSearch – but found that almost 1,176 terabytes (or 1.1 petabytes) of data was exposed online.

“Versions installed are quite often old and not updated, which means that, in some cases, not only is data exposed but even servers can be compromised”, and misconfigured installations “range from small companies to large top 500 companies.”

Extrapolate these figures to apply to other popular technologies and the wider implications are damning: security practices desperately need to be improved.

Updating and patching

Changing default passwords, maintaining up-to-date software and applying patches when they are released are essential to keeping your systems secure.

Automated attacks are cheap and easy for criminals to run, and by their nature are indiscriminate, looking only to exploit known weaknesses, not specific sites. Every business is equally at risk, including yours. If you’re using default passwords or relying on out-of-date, unsupported, unpatched, or vulnerable versions of software and technologies, then you will be compromised unless you act quickly.

The Cyber Essentials scheme

Launched in 2014, the government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to establish a baseline of cyber security, and against which they can achieve certification to prove their credentials.

The five controls are:

  1. Secure configuration
  2. Boundary firewalls and Internet gateways
  3. Access control and administrative privilege management
  4. Patch management
  5. Malware protection

Certification to the scheme will demonstrate to your customers and business partners that fundamental cyber security measures are in place, and provides evidence to validate your organisation’s security posture.

IT Governance is a CREST-accredited Cyber Essentials certification body. Our fixed-price Cyber Essentials solutions can help you achieve Cyber Essentials certification for as little as £300.
