Trending...
- A Letter From the Tacoma City Council to the Sound Transit Board
- Foiling Freaks Launches New Online Platform Dedicated to Foiling Board Sports
- City of Tacoma Recognized for 39th Consecutive Year with Highest Honor in Governmental Financial Reporting
KIRKLAND, Wash. and TEL AVIV, Israel, Sept. 14, 2021 /PRNewswire/ -- Cyberpion, a cybersecurity pioneer in external attack surface management (EASM), today presented research showing that nearly three quarters of Fortune 500 companies' IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data.
Key research findings:
Cyberpion collected these results by performing a cursory single-pass scan of the public and internet-facing assets of every Fortune 500 company in the first half of 2021.
More on Washingtoner
According to Gartner1, "EASM is an emerging concept that is growing quickly in terms of awareness within the security vendor community but at a slower pace within end-user organizations...They help security professionals identify exposed vulnerabilities from known and unknown enterprise assets and prioritize the most critical issues to be tackled...EASM should be part of a broader vulnerability and threat management effort aimed at discovering and managing internal- and external-facing assets and their potential vulnerabilities."
Traditional third-party risk management solutions have focused exclusively on the vendors and the IT infrastructures that are directly connected to the enterprise. This approach ignores the true scale of the problem and represents only the tip of the iceberg. Third-party vendors have also adopted a distributed IT infrastructure, and have built their applications and services using their own vendors and third-parties. Those in turn build their solutions upon even more partners. This extensive ecosystem creates an external attack surface that is uniquely appealing to hackers to attack, and extremely complicated for enterprises to manage securely.
Hackers are finding it easier to takeover or exploit the vulnerabilities in the third-party assets within the enterprise's ecosystem in order to carry out attacks such as: malicious code injection (Magecart-style attacks), DNS hijacks, or abusing the branded assets of an enterprise. These breaches ultimately lead to data loss, brand reputation damage, and stolen customer data for the enterprise.
"Security teams often can't effectively defend against attacks stemming from third-parties because they lack visibility into the total inventory and volume of assets they are connected to," said Cyberpion CEO Nethanel Gelertner. "They are unaware of the exposure to these external vulnerabilities, and can't identify and mitigate against these risks. In addition, the growth of these interconnected assets continues to explode due to trends in cloud-first architectures and digital transformation initiatives, meaning that assessing and protecting the attack surface has become even more challenging over time."
More on Washingtoner
About Cyberpion
Cyberpion solves the rising cybersecurity challenge of understanding the risks and vulnerabilities of your connected online assets that form an external attack surface. Knowing how your organization is vulnerable, where those threats come from, and what infrastructures are at risk, is critical to preventing an attack before it happens. Cyberpion helps organizations mitigate these advanced threats by continuously monitoring, discovering, and assessing the threat vectors present throughout online ecosystems that exist outside the traditional security perimeter. With an R&D team based in Israel, the company is funded by leading cybersecurity venture capitalists. To learn more, visit cyberpion.com.
For more information, please contact:
Josh Turner
Si14 Global Communications
josh.[email protected]
1 Gartner, "Emerging Technologies: Critical Insights for External Attack Surface Management" by Ruggero Contu, Elizabeth Kim and Mark Wah, March 19, 2021
SOURCE Cyberpion
Key research findings:
- 73% of Fortune 500 companies' total IT infrastructure is external to the organization, of which 24% is considered at risk or has a known vulnerability
- The total IT infrastructure includes the IT assets that are owned and operated by vendors the Fortune 500 enterprises incorporated into their online footprint
- These IT assets include servers, cloud storage, CDNs, DNS (Domain Name Servers), email servers and other online elements
- 71% of total cloud-based IT assets are external to the organization, of which 25% failed at least one security test
- An example of cloud vulnerability includes cloud storage configured to allow anyone to read or write its contents
- On average, a Fortune 500 company's infrastructure contains 126 different login pages for either customer or employee portals or services - the highest number was over 3,000
- Nearly 10% of these login pages are considered insecure due to the transmission of unencrypted login data, or issues with SSL certificates, which helps ensure that the submission is being sent to the authorized destination
- 30% allow transmission over HTTP
- 12% have invalid certificates/encryption
- Hackers exploiting these logins could access a wealth of sensitive employee or customer data
- Fortune 500 organizations connect to an average of 951 cloud assets, of which nearly 5% are vulnerable to severe abuse
- For example, a misconfigured AWS bucket could allow hackers to read or overwrite the data which could be customer PII or application code
- The largest exposure was well over 30K cloud assets
Cyberpion collected these results by performing a cursory single-pass scan of the public and internet-facing assets of every Fortune 500 company in the first half of 2021.
More on Washingtoner
- Game Day Private Jets Launches REVUP Platform to Transform Fan & Donor Travel Into a Revenue Engine for College Athletics
- Heritage at South Brunswick Team Celebrates Major Wins at NJBA Sales and Marketing Awards
- InterMountain Announces the Opening of TownePlace Suites Reno
- MAG Magna Corp Targets Trillion-Dollar Opportunity by Tokenizing Rare Earth Assets Critical to AI, EVs, & Defense: MAG Magna Corp.: Stock Symbol: MGNC
- SnapTax Launches AI-Powered Tax Planning Platform for Freelancers and 1099 Workers — Now Free for 90 Days
According to Gartner1, "EASM is an emerging concept that is growing quickly in terms of awareness within the security vendor community but at a slower pace within end-user organizations...They help security professionals identify exposed vulnerabilities from known and unknown enterprise assets and prioritize the most critical issues to be tackled...EASM should be part of a broader vulnerability and threat management effort aimed at discovering and managing internal- and external-facing assets and their potential vulnerabilities."
Traditional third-party risk management solutions have focused exclusively on the vendors and the IT infrastructures that are directly connected to the enterprise. This approach ignores the true scale of the problem and represents only the tip of the iceberg. Third-party vendors have also adopted a distributed IT infrastructure, and have built their applications and services using their own vendors and third-parties. Those in turn build their solutions upon even more partners. This extensive ecosystem creates an external attack surface that is uniquely appealing to hackers to attack, and extremely complicated for enterprises to manage securely.
Hackers are finding it easier to takeover or exploit the vulnerabilities in the third-party assets within the enterprise's ecosystem in order to carry out attacks such as: malicious code injection (Magecart-style attacks), DNS hijacks, or abusing the branded assets of an enterprise. These breaches ultimately lead to data loss, brand reputation damage, and stolen customer data for the enterprise.
"Security teams often can't effectively defend against attacks stemming from third-parties because they lack visibility into the total inventory and volume of assets they are connected to," said Cyberpion CEO Nethanel Gelertner. "They are unaware of the exposure to these external vulnerabilities, and can't identify and mitigate against these risks. In addition, the growth of these interconnected assets continues to explode due to trends in cloud-first architectures and digital transformation initiatives, meaning that assessing and protecting the attack surface has become even more challenging over time."
More on Washingtoner
- Congressional Roundtable Exposes Mental Health Crisis: More Spending and Treatment, Worse Results – CCHR Demands Accountability
- Dental Implants in Everett, WA: 19th Avenue Dental Offers Permanent Tooth Replacement Solutions
- Attorney Joseph C. Kreps Files Lawsuit to Stop Alabama State Board of Pharmacy's Unlawful "Revenue-First" Rulemaking
- NAIDOC Week Australia 2026 | 50 Years Deadly - Celebrates Culture, Resilience, and Global Connection
- PlanetAI Nature Space (PNS), certificadora Europea, lanza su plataforma EUDR-PNS Ready basada en IA, satélites y trazabilidad blockchain
About Cyberpion
Cyberpion solves the rising cybersecurity challenge of understanding the risks and vulnerabilities of your connected online assets that form an external attack surface. Knowing how your organization is vulnerable, where those threats come from, and what infrastructures are at risk, is critical to preventing an attack before it happens. Cyberpion helps organizations mitigate these advanced threats by continuously monitoring, discovering, and assessing the threat vectors present throughout online ecosystems that exist outside the traditional security perimeter. With an R&D team based in Israel, the company is funded by leading cybersecurity venture capitalists. To learn more, visit cyberpion.com.
For more information, please contact:
Josh Turner
Si14 Global Communications
josh.[email protected]
1 Gartner, "Emerging Technologies: Critical Insights for External Attack Surface Management" by Ruggero Contu, Elizabeth Kim and Mark Wah, March 19, 2021
SOURCE Cyberpion
0 Comments
Latest on Washingtoner
- Geekstorians Nominated For Best History Podcast In The 30th Annual Webby Awards
- Quality Water Treatment Unveils SoftPro Elite HE Water Softener for City Water, Setting a New Standard in Residential Water Treatment
- UK Financial Ltd Chooses PUMP.FUN App to Launch Maya Meme's Minor-League Meme Coins and Announces Lifetime Airdrop Program
- Suspect Arrested, Stolen Trailer and Property Recovered in Tacoma Vehicle Theft Investigation
- Boston Industrial Solutions Expands Its Industry-Leading UV Ink Portfolio with the Launch of a Matte Ink - Natron® UVPZ
- Century Fasteners Corp. Exhibiting at 2026 MRO Americas Show – April 21-23, 2026 – Booth #2257
- Blue Sparrow Coffee named Best Matcha in Westword's Best of Denver 2026
- Ocean County College Introduces Pathways to Simplify the Student Journey and Strengthen Career Connections
- Kiko Nation Expands to Apple App Store, Achieving Full Mobile Deployment for Livestock Digital Registry Platform
- The Lawyers' Marketer Launches Claude AI Implementation Service for Law Firms
- Certified Trading Card Association and Collectors MD Launch Healthy Hobby Initiative
- A Letter From the Tacoma City Council to the Sound Transit Board
- Tacoma: City Council Approves Contract, Officially Appointing Hyun Kim as City Manager
- Tacoma: Homicide Investigation – 3400 Block South 19th Street
- L2 Aviation Earns FAA STC for Thales AVIATOR 200S for Boeing 777
- Women-Owned Business Platform SmartPath Launches to Help Entrepreneurs Build with Confidence
- FinIQ Edu Launches High-Impact Workshop Vertical to Close the Workplace Benefits Gap—Drives 82% Surge in 401(k) Participation Intent
- HousingWire launches Mortgage Rankings, bringing a data-driven benchmark to originator performance
- J&J Exterminating Reminds Residents to prepare for Termite Swarm Season
- City of Spokane Celebrates Return of Spokane Gives