Virtualization Technology News and Information
New Securin Report Finds US Public Sector has 8 Million Addressable IPs and 119,000 Instances of High-Risk Services that Adversaries Could Easily Exploit
Securin released a report detailing its findings from passive scans of the domains and State departments of the 50 U.S. states. Key findings of the passive scan include:
  • Domains are hosting 8 million addressable IPs and 119,000 instances of high-risk services, exposing valuable assets to risk of exploitation.
  • 11,000 internal non-production systems are accessible from the internet, creating easy opportunities for infiltration by hackers.
  • 18 high-risk vulnerabilities classified as Remote Code Execution (RCE)/Privilege Escalation exploits are present in assets.

"Government agencies and employees are a large target of malicious actors precisely because of the trove of sensitive information they have access to," said Ram Movva, Securin CEO. "Without true visibility into an organization's threat exposures, security teams are attempting to fend off sophisticated threat actors without being armed with the knowledge of what could be potentially exploited by threat actors. State CIOs face an uphill battle against diverse IT infrastructure, limited resources, legacy systems, and emerging threats - which is why it is vital for public and private sectors to work together to protect all of us."

In the last few years, there has been a strong upswing in cyberattacks on U.S. government entities, State and local government and education (SLED) organizations, and public sector enterprises. This poses a fundamental threat to public safety and governance, and governments worldwide have taken notice. New mandates from heads of state mark a new state of global urgency to protect critical assets and infrastructure from cyberattacks.

Additionally, budget constraints and organizational silos weaken security efforts. Earlier this year, the U.S. Government Accountability Office (GAO) said 60% of its cybersecurity recommendations have not been implemented over the last decade.

To address these cybersecurity concerns, U.S. state agencies are advised to undertake diligent remediation efforts, including:

  • Strong Security Controls: Apply strict access control measures to open ports. Use firewalls, network security groups, or access control lists (ACLs) to restrict inbound and outbound traffic to authorized destinations.
  • Continuous Threat Exposure Management: Have holistic cybersecurity controls to monitor, discover, and address critical exposures. This proactive approach helps identify potential vulnerabilities and areas of concern, allowing for timely remediation and reducing the overall attack surface.
  • Prioritize Vulnerabilities: Assess vulnerabilities based on their criticality and potential business impact. Prioritize patching and remediation efforts to address high-risk vulnerabilities promptly, reducing the window of opportunity for attackers to exploit them.

You can read the full findings of the report here.

Published Tuesday, August 01, 2023 1:03 PM by David Marshall