In early September we released a new research report with Cyentia Institute that captured how many firms are exposing unsafe services - such as data storage, network admin, or remote access services - to the internet. In this blog, we will look specifically at how industries and geographic locations by country are faring when it comes to this type of exposure.
What kinds of companies are more likely to expose sensitive services than others? As you might expect, our data shows that certain industries have a greater tendency to expose services. Looking at the graph below, the education sector has twice as many non-student hosts running unsafe services as finance or real estate. This isn’t too surprising given the culture of educational institutions, which emphasizes open access to information and collaboration. Operations teams must also manage networks serving large numbers of staff, faculty, and students who are not full-time employees and may therefore never receive security awareness training, which leaves those teams juggling competing priorities.
Hospitality, an industry known to be prone to cyber attacks, likewise rises to the top of risky industries in our dataset. Exploitation of remote access to point-of-sale and booking systems has long been a common threat vector plaguing hospitality, and the data here on unsafe services may indicate a systemic configuration problem.
On the other side of the coin is healthcare, which falls into the bottom third of industries with one or more unsafe services. This is notable because, like hospitality, healthcare has been a main target of cybercriminal activity because of the sensitivity of its systems and information. Healthcare has made headlines many times for failing to properly protect access, so it’s good to see that, at least, healthcare admins are more attentive to securing services than the admins of two-thirds of industries.
It’s not surprising to see financial services and professional services toward the bottom of this list, but finding real estate at the bottom is. According to the North American Industry Classification System (NAICS), the companies that fall into this classification are diverse and are not the type that would need many of the aforementioned internet services running to support them.
Following the sector-based view of unsafe services, let’s see if there’s a geographic trend as well. The chart below color-codes countries by the percentage of domestically hosted systems running unsafe services. Some countries don’t offer much room for labels, so a quick recap is in order. The top five countries with the highest rates are Ukraine, Indonesia, Bulgaria, Mexico, and Poland. Countries shaded gray did not meet our minimum threshold for number of hosts.
But what do we take from this chart? As with the industry graph, information like this is best used to consider where risk hotspots may exist across a portfolio of third parties. That does not mean, for example, that every educational institution in Ukraine flagrantly exposes unsafe network services to the Internet. But if your organization is looking to share sensitive information with such institutions, it might be wise to put some effort into assessing their security posture and establishing appropriate controls.
Download the new report, Third-Party Security Signals: Exposing the reality of unsafe network services, to read the full findings from this exclusive research study and find out how you can apply the findings to your third-party risk management program.