The five most commonly exploited services in critical infrastructure sectors were File Transfer Protocol (FTP), Remote Desktop Protocol (RDP), Remote Procedure Call (RPC), Server Message Block (SMB), Internet Relay Chat (IRC).

79% of private sector organizations reduced exploitable services, while SLTT (State, Local, Tribal, and Territorial) entities experienced a 95% increase in exploitable services over the analysis period.

The number of exploitable services per organization decreased from 12 in August 2022 to 8 in August 2024.

International entities experienced a 65% decrease in exploitable service instances.

83% of organizations remediated all identified exploitable services, reducing their cyber risk.

Federal organizations saw a 60% decline in exploitable service instances.