Image Credits: Rosley Majid / EyeEm / Getty Images
Even government bureaucracy is moving quickly. The U.S. Cybersecurity and Infrastructure Security Agency issued an unprecedented warning because of the heightened likelihood of cyberthreat from Russian malactor groups.
The warning is for all industries. For many nation state groups, this is their first port of call if they are attacked, and it is a juxtaposition of sorts to think that the cybersecurity industry is vulnerable to cyberattack.
A report from Reposify assessed the state of the cybersecurity industry's external attack surface in response to the spike in attacks. Critical areas of concern for the sector are highlighted and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organizations can focus their efforts, and reinforce the digital perimeter.
The first step to resiliency is to reduce the likelihood of a damaging cyber intrusion in the first place.
More than 200,000 exposed assets were uncovered by 35 cybersecurity companies and their 350+ subsidiaries during a two week period in January 2022, 42% of which were identified as high-severity issues.
The first step to resilience is to reduce the likelihood of a damaging cyber intrusion. Organizations can minimize their weaknesses to bad actors if they recognize the problem.
The framing is if addressing digital perimeter exposures is the foundation. A deep dive into these deficiencies points to clear solutions for all industries.
Many factors, including the transition to remote work environments, increased reliance on third-party vendors, digital transformation and offloading services onto the cloud, have significantly increased companies.
According to the report, the rise of remote access sites saw almost all of the assets classified as part of the unofficial perimeter. The databases, development tools, and network assets were all missing.
Databases were found to be the most vulnerable to cyberattacks, with over half of companies hosting an exposed database. Almost all of the security agencies have exposed assets on their Amazon Web Services, and almost all of the security agencies have at least one sensitive remote access service exposed to the internet.