Findings come after CISA issues binding Directive on Improving Asset Visibility and Vulnerability Detection on All Federal Networks
KIRKLAND, Wash., Dec. 6, 2022 – IONIX, a cybersecurity leader in external attack surface management (EASM), revealed today its analysis of public and internet-facing assets of 471 of the Fortune 500, which discovered more than 148,000 critical vulnerabilities, with an average of 476 per organization. A critical vulnerability is one for which an exploit is publicly available and which is actively targeted.
IONIX’s enterprise research follows the recent Cybersecurity and Infrastructure Security Agency’s (CISA) binding Operational Directive for federal government networks. The Directive focuses on “two core activities essential to improving operational visibility for a successful cybersecurity program: asset discovery and vulnerability enumeration.”
“Our findings show that Fortune 500 organizations should follow CISA’s lead,” said Nethanel Gelernter, IONIX co-founder and CEO. “They are recognizing the importance of comprehensive attack surface visibility and risk exposure. With the adoption of new technologies, distributed employees and customers, and ever-growing engagement of third-party partners, exposed assets are often unknown to and unmanaged by IT and security teams. As CISA makes clear, this presents an unacceptable level of risk.”
Additional key findings include:
- 98% had critically vulnerable internal assets, with an average of 476 per organization.
- 62% had critical risky connections, with an average of eight and a maximum of 35.
- 95% had expired certificates and 85% had exposed login pages accessible over HTTP.
To reduce these risks, organizations need complete visibility over their entire external attack surface. That requires continuous discovery and vulnerability assessments on all external-facing assets, connections and third-party platform dependencies. Only with a comprehensive, up-to-date, prioritized, and actionable inventory of assets and services and their potential vulnerabilities can security teams have a clear idea of the actions required to resolve them before they can be exploited.
To learn more about IONIX’s findings, watch “The State of Fortune 500 Attack Surface Threats” webinar on demand.