Reposify Banking Industry Report 2020

Reposify’s Study Finds Critical Exposures and Vulnerabilities in the Attack Surfaces of the World’s Leading Banks

San-Francisco, California (May 26th, 2020) - Reposify, the leading Attack Surface Management Platform, today, unveiled new research findings of critical asset exposures and vulnerabilities in attack surfaces of the world's leading multinational banks.

Leveraging Reposify’s Attack Surface Management SaaS Platform, Reposify’s researchers measured the prevalence of exposed sensitive assets including exposed databases, remote login services, development tools and additional assets for 25 multinational banks and their 350+ subsidiaries.

Top Findings Include:

  • 23% of banks had at least one misconfigured database exposed to the internet resulting in potential data leakage issues
  • 54% of the banks had at least one RDP exposed to the internet
  • 31% of banks had at least one vulnerability to Remote Code Execution
  • Multiple unsecured FTP servers with anonymous authentication were discovered

The myriad of exposures such as RDP, unsecured FTP and misconfigured development tools can be leveraged by attackers to gain unauthorized access to banks’ internal networks and result in data breach attacks. The exposed databases which were discovered place customer and other sensitive data at direct and imminent risk of exposure.

In recent years, the banking industry has gone through a massive digital transformation. Alongside the many benefits, the increase in digitization and connectivity have created great security challenges and made the banking industry even more susceptible to cyber-attacks. “The interconnectedness of IT systems and growth in third-party partners have expanded the external attack surface and potential weak points.” said Yaron Tal, Reposify’s Co-founder and CEO.

“Banks’ IT ecosystems are in a constant state of flux and network perimeters are extending well beyond firewalls and control systems. Banks’ actual attack surfaces are simply much bigger than most realize.”

Banks typically have well-established security programs which are heavily regulated by various institutions yet Reposify found that 84% of the exposed assets are likely to be under IT and security teams’ radars and out of the scope of traditional asset management and security tools.

Gaining visibility of the complete internet facing assets inventory is critical. External and continuous view allows teams to know at any given moment which of their known or unknown devices and services are exposed to the internet and to take steps to proactively manage and mitigate the risks.

For the complete findings and recommendations please download the report here.

Media Contact for Reposify:
Rachel Salkin, VP Marketing
[email protected]

About the Report

The data in this study was derived from Reposify's Attack Surface Management Platform, which through its proprietary global server network, continuously indexes and automatically classifies all assets connected to the public internet. This study examined the prevalence of various asset exposures and security vulnerabilities associated with world’ leading multinational banks over a two-week period in April 2020.

About Reposify

Reposify is the new way organizations manage and safeguard their external attack surface. Leading enterprises worldwide use Reposify today to gain unparalleled visibility of their internet facing assets and actionable security insights for eliminating shadow IT risks in near real time. Learn more at reposify.com