Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

New Research Shows that 33 Percent of Companies Expose Unsafe Network Services to the Internet

Data storage, remote access and network administration most prevalent services exposing sensitive data; findings validate correlation between unsafe network services and prevalence of wider security issues in the digital supply chain

RiskRecon, a Mastercard Company, and the Cyentia Institute published “Third-Party Security Signals: Exposing the reality of unsafe network services,” an in-depth study that examines the prevalence of unsafe network services exposed to the internet. The research found that 33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet. In addition, organizations that expose unsafe services to the internet also exhibit more critical security findings.

Recommended AI News: Bardin Hill Elevates Operations With SS&C Technologies

The research is based on RiskRecon’s assessment of millions of internet-facing systems across approximately 40,000 commercial and public institutions. Cyentia and RiskRecon analyzed the data in two strategic ways: the direct proportion of internet-facing hosts running unsafe services, as well as the percentage of companies that expose unsafe services somewhere across their infrastructure. The research concludes that the impact is further heightened when vendors and business partners run unsafe, exposed services used by their digital supply chain customers.

“Blocking internet access to unsafe network services is one of the most basic security hygiene practices. The fact that one-third of companies in the digital supply chain are failing at one of the most basic cybersecurity practices should serve as a wake up call to executives and third-party risk management teams,” said Kelly White, CEO and co-founder, RiskRecon. “We have a long way to go in hardening the infrastructure that we all depend on to safely operate our businesses and protect consumer data. Risk managers will be well served to leverage objective data to better understand and act on their third-party risk.”

Related Posts
1 of 40,574

Recommended AI News: Apricorn’s Aegis Secure Key 3NX USB 3.2 Flash Key Receives FIPS 140-2 Level 3 Validation

For example, according to the research:

  • 33% of organizations expose one or more unsafe services across hosts under their control. As such, admins should either eliminate direct internet access or deploy compensating controls for when/if such services are required.
  • Direct internet access to database services should be prohibited or secured. Within the top three unsafe network services, datastores, such as S3 buckets and MySQL databases are the most commonly exposed.
  • Digital transformation and the shift to remote work needs to be considered. Remote access is the second most commonly exposed service; admins should consider restricting the accessibility of these services only to authorized and internal users.
  • Universities are woefully exposed. With a culture that boasts open access to information and collaboration, the education sector has the greatest tendency to expose unsafe network services on non-student systems, with 51.9% of universities running unsafe services.
  • Global regions lack proper security posture. Countries such as the Ukraine, Indonesia, Bulgaria, Mexico and Poland confirm the highest rate of domestically-hosted systems running unsafe services.
  • Beware of ElasticSearch and MongoDB. Firms that expose these services to the internet have a 4x to 5x higher rate of severe security findings than those who do not run on internet-facing hosts.
  • Unsafe services uncover other security issues. Failing to patch software and implement web encryption are two of the most prevalent security findings associated with unsafe services.

“This research should be welcome news to organizations struggling under the pressure to conduct exhaustive and time-consuming security assessments of their external business partners,” said Jay Jacobs, partner and co-founder, Cyentia Institute. “Similar to how medical doctors diagnose illnesses through various outward signs exhibited by their patients, third-party risk programs can perform quick, reliable diagnostics to identify underlying cybersecurity ailments. Not only is the presence of unsafe network services a problem in itself, but the data we examine in this report also shows that they’re a symptom of broader problems. Easy, reliable risk like this offers a rare quick win for risk assessments.”

Recommended AI News: SiFive and Barcelona Supercomputing Center Advance Industry Adoption of RISC-V Vector Extension

Comments are closed, but trackbacks and pingbacks are open.