About a quarter of Fortune 500 companies are weak on the outside. IT network A new survey has found that these risk actors can use it to access sensitive data.
Experts from Cyber security In the first half of 2021, the firm CyberPion conducted a cursory single-pass scan of the public and Internet-facing assets of each Fortune 500 company.
The survey found that about three-quarters (73%) of the scanned companies have IT infrastructure outside their organization, with 24% considered at risk or having an unknown weakness. ۔
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey will take no more than 60 seconds of your time, and we would appreciate it if you would share your experiences with us.
“Security teams often cannot effectively defend against third-party attacks because of the total inventory and the size of the assets they are connected to. They lack visibility. They are unaware of these external threats.” And these threats cannot be identified and mitigated.
Security blind spots.
CyberPion thinks about the IT infrastructure and the IT assets that are owned and operated by the vendors of Fortune 500 companies. Servers, Cloud storage, Email servers, CDs, DNS servers., And so on.
The survey found that 71% of cloud-based IT assets are outside the organization, with 25% failing at least one security test. On average, Fortune 500s are linked to about 95,951 cloud assets, of which about 55% are severely abused.
Similarly, on average, the Fortune 500 IT infrastructure consists of approximately 126 different customer login pages, either for customer or employee portals or services, and approximately 10% due to the delivery of unsecured login data, or Found unsafe due to problems. with SSL certificate.
“This vast ecosystem creates an external attack level that is uniquely appealing to hackers, and is extremely complex for businesses to manage securely,” says CyberPion.
The security company’s position is that traditional third-party risk management solutions focus on IT infrastructure that is directly under the control of the enterprise. However, it creates blind spots in the company’s defense strategy.
CyberPion is using the results of the survey to advance the need for an external attack level management (EASM) solution.
It backs up its findings with Gartner’s insights, emphasizing that “EASM should be part of a broader risk and risk management effort aimed at addressing internal and external assets and It’s about discovering and managing their potential threats. ”