February 20, 2023
As evidenced by our latest annual cybersecurity report, network-attached storage (NAS) devices attract an outsized number of attacks. An average NAS device is targeted hundreds of times more often than the average computer of smartphone.
Overall, NAS devices make up a very small proportion of devices: device intelligence data on 1.7 billion consumer devices shows that just 0.02% are NAS devices, which makes it even more astounding that network attached storage devices are targeted by over 10% of all threats.
No Such Thing as a Secure NAS?
Western Digital (WD) devices make up around half of all NAS devices in our data set and attract relatively few threats, but when we talk about overall threats to connected consumer devices, WD NAS devices are still targeted by a large number of attacks. Note: the two charts below show the top 25 brands by overall threats, which is why smaller NAS brands are not represented.
Now, if we look at network-attached storage devices, we’ll see that 97% of threats target just 5 device brands: Synology, QNAP, Seagate, Western Digital, and ASUSTOR.
The chart above does not take into account the number of devices in the data set, so we can look at the NAS device threat index to determine which brands of NAS are the relatively most, and least, secure.
Even though ASUSTOR NAS devices attract a small percentage of threats overall, its small device population makes it the most attacked NAS device brand. Western Digital devices have the lowest threat index among NAS device brands, making it the relatively safest of the most popular brands. Nevertheless, the overall brand threat index does show that Western Digital devices are still targeted a lot more often than the average connected device in a consumer’s home.
Why Aren’t NAS Devices More Secure?
There are a few reasons why NAS devices are targeted so often:
- NAS devices are often configured to make them more susceptible to attacks: they need to have ports opened for the owner to access data when away from home. With ports 8080 and 443 open, NAS devices are easily noticed by attackers.
- Users usually have to approve firmware upgrades, which adds significant delays to the patching process.
How CUJO AI Sentry Protects Every Device in the Home
CUJO AI Sentry is a machine-learning multi-layered cybersecurity solution that uses a combination of industry-leading threat intelligence and real-time analysis to block novel threats to all consumer devices on a protected network.
As most threats to IoT, including NAS, devices come from disreputable IP addresses, Sentry offers a few very efficient methods of protection. Our algorithms combine the highest quality threat intelligence sources with our real-life threat data from millions of Sentry deployments to block malicious attempts to remotely access NAS devices from disreputable IP addresses. Another protective layer prevents compromised NAS devices from participating in botnets or DDoS attacks.
On average, Sentry stops 8,112 threats every minute, 10.3% of which target network-attached storage devices. The largest network service providers partner with CUJO AI to provide their end-users (i.e., ISP customers) with robust AI-driven cybersecurity. Visit the ISP security hub for more data reports, articles, and useful insights.
NAS Brand Security
Asustor NAS Security
Seagate NAS Security
QNAP NAS Security
Synology NAS Security
Western Digital NAS Security
More Data About Device Security – In the Report
Download the full consumer device cybersecurity report 2023 for more information about NAS and other device type security trends. To see a collection of articles and reports related to network service provider security, visit the ISP security hub.