According to research data recently released by British network security company Digital Shadows, online exposure of sensitive data is becoming more and more serious. The number of online exposure documents has risen sharply, and Server Message Block (SMB) has become the main culprit.
According to Digital Shadows, there are currently 2.3 billion files exposed online due to configuration errors in network attached storage (NAS) devices, FTP, SMB (server message blocks), rsync servers, and Amazon S3 buckets. Although Amazon has largely succeeded in limiting the exposure of S3 buckets, the number of files exposed online is 750 million more than the 1.55 billion a year ago. According to analysis, file exposure due to SMB accounted for 46%, FTP accounted for 20%, rsync accounted for 16%, and Amazon S3 bucket accounted for a small proportion.
According to the latest analysis by the Digital Shadows Photonics Research Group, the United States remains the country most affected by the online exposure of data, with up to 326 million files exposed online. The EU is seen as a whole, and its sensitive data on online exposure has increased by 262 million compared with the previous year and has now reached 883 million. The implementation of the EU’s GDPR and its consistency with the national data privacy laws of EU member states may be the reason for the impact of sensitive data exposure online. In the case of an increase in the overall number of online data exposures in the EU, the Netherlands and Luxembourg also experienced an 8% and 28% decline.
It is reported that Luxembourg began to improve the consistency between its national data privacy law and GDPR in August 2018, and then the country’s data protection situation is gradually improving. Germany, which is currently adjusting its national laws and is expected to complete the process in June 2019, has become the second largest country after the United States, affected by online data exposure problems, and its current 121 million documents are exposed to the public network.
However, the situation in the UK has not improved as a result of its implementation of GDPR. Since the official entry into force of GDPR in the UK on May 23, 2018, the UK’s data exposure has increased by 43.5 million, reaching 98 million. Small and medium-sized enterprises have become the main target, and personal data is seriously threatened.