Third-Party Security Signals

The underpinnings of digital transformation—data storage, remote access, and network administration—form the essential fabric of modern IT, yet they also offer the most direct pathways for opportunistic attackers. When these services are exposed indiscriminately to the public internet, they provide a “not-so-secret” entrance for threats that require zero sophistication to exploit. This report investigates the prevalence of these “unsafe” services and asks whether their presence forebodes deeper, more inherent risks across the enterprise.

While only 0.4% of all internet-facing hosts expose one or more unsafe services, a staggering one-third (33%) of all firms have at least one such exposure within their footprint. This prevalence is even higher in specific sectors; for example, the education sector has double the number of hosts running unsafe services compared to finance. MySQL is the single most common culprit, with over 24% of companies exposing database interfaces directly to the internet.

The data highlights a strong correlation between these hygiene markers and organizational health. Firms exposing nine or more unsafe services exhibit a security finding rate that is 5x higher than the cross-sector baseline. This research rewards the reader with a prioritization mechanism, identifying “canaries in the coal mine” like ElasticSearch and MongoDB, which are 4x to 5x more indicative of severe findings than the baseline.

Key Findings

• 1-in-3 Firms At Risk: 33% of organizations expose one or more unsafe network services, such as datastores or remote access tools, to the public internet.
• 5x Higher Finding Rates: Organizations that expose nine or more unsafe services suffer a rate of security findings five times higher than those with none.
• MySQL Exposure Dominance: Over 24% of all firms analyzed expose one or more MySQL databases directly to the internet.
• The Patching Lag: 59% of servers running unsafe network services also run significantly behind on critical software patching.
• Elastic and Mongo Indicators: Exposing ElasticSearch or MongoDB is the strongest signal of insecurity, correlating with a 400% to 500% increase in severe findings.
• The 9x Critical Jump: High-value assets exposing unsafe services see a 9-fold increase in critical security issues compared to their well-defended peers.