CyCognito, an external attack surface management specialist, has uncovered what it called a “staggering” number of vulnerable public cloud, mobile and web applications exposing sensitive information.
The discoveries, which also include unsecured APIs and personal identifiable information (PII), were recorded from the company’s newly released, semi-annual State of External Exposure Management study. The report is based on analysis of 3.5 million assets across CyCognito’s enterprise customer base, including a number of Fortune 500 companies.
Nearly three-quarters of cloud and web applications with PII, including social security numbers and banking information, are vulnerable to exploits, the data showed.
Key findings include:
Final Thoughts
Rob Gurzeev, CyCognito chief executive and co-founder, commented on the study’s findings:
"The latest MOVEit exploit is a cautionary tale for all CISOs that attackers remain many steps ahead of web application and cloud security. The volume of exposed PII stemming from this disastrous breach supports our findings and underscores the critical need for full-scope visibility of all assets across an organization's attack surface. Businesses can no longer afford to neglect their digital shadow and the many unknown and unmanaged risks within their systems."
