Cyberpion Discovers 148,000 Critical Vulnerabilities Across Fortune 500 Organizations
Cyberpion, a cybersecurity leader in external attack surface management (EASM), revealed its analysis of public and internet-facing assets of 471 of the Fortune 500, which discovered more than 148,000 critical vulnerabilities, with an average of 476 per organization. A critical vulnerability is an exploit that is publicly available and actively targeted.
Cyberpion’s enterprise research follows the recent Cybersecurity and Infrastructure Security Agency’s (CISA) binding Operational Directive for federal government networks. The Directive focuses on “two core activities essential to improving operational visibility for a successful cybersecurity program: asset discovery and vulnerability enumeration.”
“Our findings show that Fortune 500 organizations should follow CISA’s lead,” said Nethanel Gelernter, Cyberpion co-founder and CEO. “They are recognizing the importance of comprehensive attack surface visibility and risk exposure. With the adoption of new technologies, distributed employees and customers, and ever-growing engagement of third-party partners, exposed assets are often unknown to and unmanaged by IT and security teams. As CISA makes clear, this presents an unacceptable level of risk.”
Recommended AI: “Bitcoin Has No Intrinsic Value”. Then What Gives Bitcoin Value?
Additional key findings include:
- 98% had critically vulnerable internal assets, with an average of 476 per organization.
- 62% had critical risky connections with an average of eight and a maximum of 350.
- 95% had expired certificates and 85% had exposed login pages accessible over HTTP.
To reduce these risks, organizations need complete visibility over their entire external attack surface. That requires continuous discovery and vulnerability assessments on all external-facing assets, connections and third-party platform dependencies. Only with a comprehensive, up-to-date, prioritized, and actionable inventory of assets and services and their potential vulnerabilities, can security teams have a clear idea of the actions required to resolve them before they can be exploited.
Recommended AI: Top 10 Countries and Cities by Number of CCTV Cameras
[To share your insights with us, please write to sghosh@martechseries.com]
Comments are closed.