A recent report by CyCognito, an External Attack Surface Management platform, has revealed an alarming number of vulnerable public cloud, mobile, and web applications that are exposing sensitive data. The report, titled “State of External Exposure Management,” was developed by CyCognito’s research division and is based on the analysis of 3.5 million assets across its enterprise customer base, which includes several Fortune 500 companies.
The report highlights the need for organizations to have full-scope visibility of all assets within their attack surface. It emphasizes that businesses can no longer afford to neglect their digital shadow and the unknown and unmanaged risks that may exist within their systems.
Rob Gurzeev, CEO and co-founder of CyCognito, commented on the findings, stating, “The latest MOVEit exploit is a cautionary tale for all CISOs that attackers remain many steps ahead of web application and cloud security.” He also stressed the significance of the volume of personally identifiable information (PII) exposed through breaches and the critical need for organizations to address these vulnerabilities.
Some key findings of the report include:
– 74 percent of assets with PII are vulnerable to at least one known major exploit, with one in 10 having easily exploitable issues.
– 70 percent of web applications have severe security gaps, such as lacking web application firewall (WAF) protection or an encrypted connection like HTTPS. Additionally, 25 percent of all web applications lack both.
– The typical global enterprise has over 12,000 web applications, including APIs, SaaS applications, servers, and databases. At least 30 percent of these web applications, amounting to over 3,000 assets, have exploitable or high-risk vulnerabilities. Half of these potentially vulnerable web apps are hosted in the cloud.
– 98 percent of web applications are potentially non-compliant with GDPR due to the lack of an opportunity for users to opt out of cookies.
Gurzeev further emphasized that the size of a company’s attack surface is constantly changing and can fluctuate by as much as 10 percent per month. This makes it a moving target for attackers, with numerous security gaps ready to be exploited. The research serves as a wake-up call, highlighting that no business is immune to risk and underscoring the major threat posed by unknown and undiscovered assets.
CyCognito, based in Palo Alto, solves one of the fundamental challenges in cybersecurity – understanding how attackers view an organization and identifying vulnerable areas. Founded by veterans of national intelligence agencies, the company leverages its deep knowledge of attacker techniques to help businesses eliminate exposure to potential cyber threats. CyCognito serves large enterprises and Fortune 500 organizations, including Colgate-Palmolive and Tesco, among others.
As the report sheds light on the increasing vulnerabilities and risks associated with public cloud, mobile, and web applications, it highlights the importance of organizations taking proactive measures to ensure the security of their digital assets. With the ever-evolving threat landscape, cybersecurity should remain a top priority for businesses of all sizes.