About a quarter of the Fortune 3 companies have vulnerabilities in their external computer network that malicious actors could exploit to gain access to sensitive data, according to a new survey. Specialists at cybersecurity firm Cyberpion performed a quick, one-step scan of the Internet and public assets of every Fortune XNUMX company in the first half of XNUMX. The survey found that nearly XNUMX-quarters (seventy-three%) of the companies surveyed's IT infrastructure exists outside of their organization, with XNUMX% of these being considered low risk or having a known vulnerability.
TheComparison needs you! We're taking a look at how our readers are using VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey will not take more than XNUMX seconds of your time and we would greatly appreciate it if you would share your experiences with us.
Click here to launch the survey in a new window
“Security teams are often unable to effectively defend against third-party attacks as they lack visibility into the total inventory and volume of assets to which they are connected. They are not being aware of exposure to these external vulnerabilities and cannot identify and mitigate these dangers, ”stated Nethanel Gelertner, CEO of Cyberpion.
Security blind spots
Cyberpion views the total IT infrastructure as IT assets owned and operated by Fortune XNUMX vendors, such as servers, cloud storage, mail servers, CDNs, DNS servers, etc. The survey found that XNUMX% of all cloud-based IT assets exist outside the organization, XNUMX% of which have failed at least one security test. On average, the Fortune XNUMX companies connect to roughly XNUMX cloud assets, nearly XNUMX% of which are vulnerable to serious abuse. Similarly, on average, a Fortune XNUMX IT infrastructure is made up of roughly XNUMX different login pages for portals or customer service departments or employees, and it has been found that nearly XNUMX% they are insecure due to data transmission. Connection not encrypted or due to inconvenience. . with SSL certificates. “This large ecosystem creates an external attack surface that is particularly attractive to hackers and extremely difficult for enterprises to manage securely,” Cyberpion explains.
Mapping the kingdom
The security company says that traditional third-party threat management solutions tend to focus on IT infrastructures directly under the company's control. However, this creates blind spots in the company's defense strategy. Cyberpion uses the survey results to make the case for the need for external attack surface management (EASM) solutions. He bases his findings on insights from Gartner, who notes that "EASM should be one part of a larger threat and vulnerability management effort to discover and manage internal and external assets and their potential vulnerabilities."