Nearly a quarter of Fortune 500 companies have weaknesses in their external IT Security network that threatens actors to exploit access to sensitive data, a new study has found.
Experts at cyber security company Cyberpion conducted a single public approval and online asset test for all Fortune 500 companies in the first half of 2021.
The study found that about three-quarters (73%) of the IT infrastructure of scanned companies exist outside their organization, of which 24% are considered to be at risk or have a known risk.
“Security groups are often unable to defend themselves against third-party attacks because they do not have access to the full volume of their connection. They are not aware of these external risks, nor can they detect and mitigate these risks, ”said Cyberpion chief executive Nethanel Gelertner.
Safety for blind areas
Cyberpion thinks of complete IT infrastructure as IT assets managed and operated by Fortune 500 corporate vendors, such as servers, cloud storage, email servers, CDNs, DNS servers, and more.
Research has shown that 71% of cloud-based IT assets exist outside the organization, 25% of which have failed at least one security test. On average, the Fortune 500s connected to 951 cloud goods, about 5% at risk of severe abuse.
Similarly, on average, Fortune 500 IT infrastructure is made up of 126 different login pages for customers or employees or services, and approximately 10% is found to be unprotected due to unwritten login data transfer, or due to problems with SSL certificates.
“This comprehensive ecosystem creates an external attack environment that is particularly attractive to hackers to attack, and which is very difficult for businesses to manage safely,” explains Cyberpion.
Making a map of the area
The security company says traditional third-party disaster risk management solutions often focus on IT infrastructure that is less directly in the business. However, this creates areas of uncertainty in the company’s defense strategy.
Cyberpion is using research results to force the need for external groundbreaking solutions (EASM).
It backs up its findings with insight from Gartner, emphasizing that “EASM should be part of a broader regulatory effort and threat aimed at detecting and controlling internal and external assets and their risks.”
