Lots of Fortune 500 companies have serious IT security flaws

Traditional risk management solutions create large security blind spots

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Around a quarter of Fortune 500 companies have vulnerabilities in their externalIT networkthat threat actors could exploit to access sensitive data, a new survey has found.

Experts fromcybersecurityfirm Cyberpion performed a cursory single-pass scan of the public and internet-facing assets of every Fortune 500 company in the first half of 2021.

The survey revealed that nearly three quarters (73%) of the scanned companies’ IT infrastructure exists outside their organization, of which 24% is considered at risk or has a known vulnerability.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

“Security teams often can’t effectively defend against attacks stemming from third-parties because they lack visibility into the total inventory and volume of assets they are connected to. They are unaware of the exposure to these external vulnerabilities, and can’t identify and mitigate against these risks,” said Cyberpion CEO Nethanel Gelertner.

Security blind spots

Cyberpion thinks of total IT infrastructure as IT assets that are owned and operated by vendors of the Fortune 500 companies, such asservers,cloud storage, email servers,CDNs,DNS servers, and such.

The survey revealed that 71% of the total cloud-based IT assets exist outside the organization, of which 25% failed at least one security test. On average, Fortune 500s connect to about 951 cloud assets, of which nearly 5% are vulnerable to severe abuse.

Similarly, on average, a Fortune 500 IT infrastructure is composed of about 126 different login pages for either customer or employee portals or services, and nearly 10% were found to be insecure either due to the transmission of unencrypted login data, or because of issues withSSL certificates.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“This extensive ecosystem creates an external attack surface that is uniquely appealing to hackers to attack, and extremely complicated for enterprises to manage securely,” reasons Cyberpion.

Mapping the realm

The security company argues that traditional third-party risk management solutions tend to focus on IT infrastructures that’s directly under the control of the enterprise. However this creates blind spots in the company’s defense strategy.

Cyberpion is using the results of the survey to push for the need for external attack surface management (EASM) solutions.

It backs its results with insights from Gartner, which stresses that “EASM should be part of a broader vulnerability and threat management effort aimed at discovering and managing internal- and external-facing assets and their potential vulnerabilities.”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Outlook users warned not to open more than 60 emails — otherwise their software will crash

Best secure file transfer solution of 2024

Windows PCs targeted by new malware hitting a vulnerable driver