https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Most cybersecurity vendors at risk due to Internet-exposed IT assets

Most cybersecurity vendors at risk due to Internet-exposed IT assets

  • Written by Jai Vijayan / Dark Reading
  • 6th March 2022

For all their domain expertise, many cybersecurity vendors are as dangerously exposed to Internet-borne threats as the customers their technologies are designed to protect.

Israel-based security vendor Reposify recently used its external attack surface management platform to scan the externally facing assets and networks of 35 major cybersecurity vendors and more than 350 of their subsidiaries over a two-week period. Reposify’s 24×7 Internet scans — like those of other vendors in the space — are designed to help organizations get an understanding of their attack surface and exposure so they can bolster or implement new controls where needed.

Reposify focused on externally facing infrastructure, applications, and user profiles, says Yaron Tal, founder and CTO at Reposify. This included everything from cloud-hosted databases; remotely accessed sites; Web-facing applications; internal network assets, such as portmappers, routers, switches, Web servers, storage, and backup; and development tools, he says.

The company’s scans showed a high percentage of cybersecurity vendors are dangerously exposed to many of the same threats they are supposed to help protect against. Nearly nine in 10 (86%) of the cybersecurity companies analyzed had at least one sensitive remote-access service exposed to the Internet, and 80% had exposed network assets. Sixty-three percent of the vendors had back-office networks that were directly accessible via the Internet, just over half (51%) had at least one exposed database, and 40% had exposed development tools.

Reposify found that like organizations in other industries, almost all cybersecurity vendors are at considerable risk of data loss and compromise from poorly protected data on public cloud services. Some 97% — in other words, nearly all — of the cybersecurity vendors that Reposify scanned over the two-week period had exposed data assets on Amazon Web Services (AWS) and other cloud infrastructure. Some 42% of those assets could be classified as being at either high or critical risk, Reposify said.

“Just one of these statistics is concerning enough,” Tal says. “But the combination points to a sincere need for the industry to better practice what it preaches,” he says.

Tal says the findings are consistent across the financial, pharmaceutical, and gaming sectors. Similar scans that Reposify did of companies in the pharmaceutical sector showed 92% of them had exposed databases, while 55% of organizations in the gaming industry and 23% in the finance sector had the same problem. What’s different about cybersecurity companies is they should know about the dangers of exposed assets on the Internet, he notes.

To read the complete article, visit Dark Reading.

 

Tags: Analytics Applications Companies Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Public Safety Security Software State & Local Government Subscriber Devices System Design System Operation Test & Measurement Tracking, Monitoring & Control Training Partner content

Most Recent


  • IWCE 2023
    Safer Buildings Coalition annual meeting held at IWCE 2023
    A common theme ran through the Safer Buildings Coalition’s annual meeting Monday night during IWCE 2023 at the Las Vegas Convention Center—strength through collaboration. “The perception is that the challenge is ‘out there,’ and someday, maybe the challenge will come here,” said Billy Bob Brown Jr., executive assistant director for emergency communications within the Cybersecurity […]
  • Most cybersecurity vendors at risk due to Internet-exposed IT assets
    IWCE speakers debate state of public-safety interoperability
    LAS VEGAS—Achieving comprehensive interoperability for mission-critical communications used by U.S. public-safety agencies continues to be an elusive goal, according to speakers addressing the topic during a Monday session at the IWCE 2023 event in Las Vegas. Some view interoperability as the technical ability for one person to communicate with another, no matter what device or […]
  • UK competition watchdog delays Airwave-Motorola Solutions ruling until April
    The Competition and Markets Authority (CMA) in the UK today announced that it plans to issue its final decision in April as part of an investigation of the Airwave TETRA network—a ruling that could investigation that could cost Motorola Solutions more than $1 billion in projected revenue during the next several years. CMA made the […]
  • AT&T claims LTE coverage edge, FirstNet build more than 99% done
    AT&T claims a 250,000-square-mile coverage advantage and that the planned five-year deployment of the FirstNet public-safety broadband network operating on the 700 MHz Band 14 spectrum licensed to the FirstNet Authority is more than 99% complete as a contractual deadline approaches this week. AT&T—the contractor responsible for building and maintaining the FirstNet public-safety broadband system—made […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Most cybersecurity vendors at risk due to Internet-exposed IT assets
    Newscan: FBI says ransomware gangs breached 52 U.S. critical-infrastructure orgs
  • Medical and IoT devices from more than 100 vendors vulnerable to attack
  • Google Cloud buys the 'Navy Seals of cybersecurity'
  • Most cybersecurity vendors at risk due to Internet-exposed IT assets
    Newscan: Google is buying cybersecurity firm Mandiant for $5.4 billion

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Gallery: More presentations as IWCE enters second day dlvr.it/Sldj1c

29th March 2023
UrgentComm

Safer Buildings Coalition annual meeting held at IWCE 2023 dlvr.it/SldfdR

28th March 2023
UrgentComm

The Future of Interoperability for Dispatch Console Solutions dlvr.it/Slcp33

28th March 2023
UrgentComm

RT @IWCEexpo: A look in at the Panel Session of Interconnected Critical Networks - Voice, Video and Data Interoperability... #IWCE23 http…

28th March 2023
UrgentComm

RT @IWCEexpo: Wildfires are a growing concern, but technology can offer solutions. Fantastic panel moderated by @FirstNetGov this morning a…

28th March 2023
UrgentComm

IWCE speakers debate state of public-safety interoperability dlvr.it/SlcZ5L

28th March 2023
UrgentComm

UK competition watchdog delays Airwave-Motorola Solutions ruling until April dlvr.it/SlcNxN

28th March 2023
UrgentComm

Gallery: IWCE 2023 kicks off in Las Vegas dlvr.it/SlZlk4

28th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.