- Data storage, remote access and network administration are the most prevalent services exposing sensitive data
- Unsafe services are linked to other security issues in the digital supply chain
- Ukraine, Indonesia, Bulgaria, Mexico and Poland are among the countries with the highest rate of domestically hosted systems running unsafe services
A third of companies in the digital realm expose unsafe services to the internet and exhibit several other critical security lapses, according to an in-depth study on the prevalence of unsafe network services.
33% of companies in the digital supply chain expose common network services, such as data storage, remote access and network administration, to the internet, according to a survey sponsored by RiskRecon and conducted by the Cyentia Institute. And all the organizations that expose unsafe services to the internet exhibit more critical security findings, researchers said.
The research is based on an assessment of millions of internet-facing systems across approximately 40,000 commercial and public institutions.
Researchers analyzed the direct proportion of internet-facing hosts running unsafe services, as well as the percentage of companies that expose unsafe services somewhere across their infrastructure. They found the impact is further heightened when vendors and business partners run unsafe, exposed services used by their digital supply chain customers.
“Blocking internet access to unsafe network services is one of the most basic security hygiene practices,” said RiskRecon CEO Kelly White. “The fact that one-third of companies in the digital supply chain are failing at one of the most basic cybersecurity practices should serve as a wake-up call to executives and third-party risk management teams.”
33% of organizations expose one or more unsafe services across hosts under their control. Remote access is the second most exposed service, and universities are woefully exposed, the study found.
“With a culture that boasts open access to information and collaboration, the education sector has the greatest tendency to expose unsafe network services on non-student systems, with 51.9% of universities running unsafe services,” according to the report.
The highest rate of domestically hosted systems running unsafe services can be found in countries including Ukraine, Indonesia, Bulgaria, Mexico and Poland.
“Firms that expose these services to the internet have a 4x to 5x higher rate of severe security findings than those who do not run on internet-facing hosts,” researchers said.
Reinforcing the notion that unsafe services are related to other security issues, researchers found that failing to patch software and implement web encryption are two of the most prevalent security findings associated with unsafe services.