More than half of global cybersecurity firms host exposed databases
Report by external attack surface management (EASM) provider Reposify mapped the security posture of 35 multinational cybersecurity companies and their 350+ subsidiaries
In only a two-week period, top cybersecurity companies were found to host over 200,000 exposed assets across databases, remote access sites and cloud service providers
Cybersecurity industry trends match those of the pharmaceutical and financial industries, despite industry expertise and know-how
TEL AVIV, ISRAEL — March 3, 2022 More than half of leading cybersecurity firms host at-risk databases, according to Reposify’s new “Cybersecurity Industry: State of the External Attack Surface” report. In only a two-week period, the assessment uncovered more than 200,000 exposed assets among 35 multinational cybersecurity companies and their 350+ subsidiaries.
Findings note that nearly all – 97.14% – of security companies have exposed assets on their Amazon Web Services (AWS); 89% of assets identified on remote access sites were exposed to the internet and 42% of the assets discovered could be classified as “high” or “critical” risk.
Fast-paced growth in modern business has created major blind spots for security teams. Distributed assets are multiplying as a result of global digital transformation, increased reliance on cloud-service providers and third-party vendors, as well as the transition to hybrid work environments. This has put a strain on external attack surface management. Sixty-nine percent of companies admit they have experienced at least one cyberattack that started through the exploit of an unknown or unmanaged internet-facing asset, according to a report by the Enterprise Strategy Group.
“Despite domain expertise and in-depth knowledge of cyber risk, our findings clearly demonstrate how cybersecurity companies still have critical security blind spots,” says Yaron Tal, founder and CTO at Reposify, an external attack surface management (EASM) provider. “Distributed assets mean no industry is immune to cyber threats. It’s critical that every organization arm security teams with complete, 24/7 visibility. Asset inventories are ever-changing; only a real-time automated inventory can keep security personnel up to date for shortened time to remediation. This problem will only become more pronounced as the global economy, and its digital footprint, continues growing.”
He continued, “As paragons of cybersecurity expertise, leading companies must lead by example, and harden their external attack surface security to make it more difficult for attackers to gain a foothold in their systems, beginning with a clear view of their external attack surface and continuous monitoring and elimination of risky attack vectors.”
Report highlights include:
The impact of the fast-paced transition to a fully remote, digital environment. Of the assets discovered on remote access sites, 89% were classified as part of the unofficial perimeter. Similarly, 87% of databases were unaccounted for, along with 67% on development tools and 62% of all network assets.
Databases are among the assets most vulnerable to cybersecurity threats. The Reposify platform identified that more than half (51%) of companies host an exposed database. Of the companies identified as having an exposed database, 72% have exposed PostgreSQL databases and 50% have exposed Oracledb databases.
Forty-two percent of the exposed assets discovered by Reposify’s platform were of high or critical severity. Thirty percent of issues discovered were categorized as high severity, and 11% as critical severity.
The report follows an assessment of the pharmaceutical, gaming and financial sectors, which reflect similar trends of misconfigured and exposed databases, high levels of unknown assets across cloud services platforms and remote access sites and significant amounts of “high severity” unknown assets.
The full report is available on Reposify’s website.
Reposify is the leading external attack surface management provider enabling security teams to discover and eliminate unknown exposures and shadow IT risks across all environments with no agents or deployment required. Reposify delivers an always up-to-date view of a company's exposed asset inventory, analyzes and prioritizes every asset and generates a plan with actionable insights so teams can resolve more issues in less time. Leading enterprises worldwide use Reposify to discover and secure their internet-facing assets in real time. Reposify is a Gartner emerging vendor in the EASM space. Learn more at reposify.com and follow @reposify on LinkedIn and Twitter.