Regional and industry-wide exposure: The investigation found a disproportionate concentration of exposed AMS in Europe, with Italy emerging as a key hotspot, reporting 16,678 exposed systems. Mexico and Vietnam followed, with 5,940 and 5,035 systems exposed, respectively.The US recorded 1,966 vulnerable systems, while other technologically advanced nations such as Canada and Japan showed comparatively lower exposure levels. Despite strong data protection regulations, European nations collectively accounted for a significant portion of the reported vulnerabilities, the report added.The report further revealed that the misconfigurations affected a range of industries, with some organisations inadvertently exposing complete employee records, including full names, identification numbers, access credentials, and biometric authentication data. In certain cases, attackers could manipulate these records to create new identities, effectively bypassing security systems.
Calls for immediate remediation: Following the discovery of these vulnerabilities, Modat initiated a responsible disclosure process, notifying affected organisations and offering remediation guidance. The company recommends that organisations immediately remove AMS from direct internet exposure, implement strong access controls, and regularly patch security flaws.”The integration of IT and operational technology (OT) has significantly increased attack surfaces,” the report warns. “Without stringent cybersecurity measures, businesses risk not only financial damage but also the physical safety of their employees and infrastructure.”Cybersecurity experts urge enterprises to take a proactive approach by enforcing stricter network segmentation, encrypting sensitive employee data, and conducting routine security audits to detect and mitigate exposure risks.Given the scale of the problem, failure to act could leave organizations open to targeted cyberattacks and regulatory scrutiny. “It is important to ensure that default credentials are changed immediately, and access should be restricted,” the researchers at Modat suggested. “Continuous monitoring, including the internet exposure of your devices, will help with internal detection and response to suspicious activities. These measures can prevent unauthorised access, protect employee data, and maintain the physical security of the organization’s facilities.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3837531/misconfigured-access-management-systems-expose-global-enterprises-to-security-risks.html
