Lots of Fortune 500 companies have serious IT security flaws

News
By
published

Traditional risk management solutions create large security blind spots

Networks
(Image credit: Shutterstock)

Around a quarter of Fortune 500 companies have vulnerabilities in their external IT network that threat actors could exploit to access sensitive data, a new survey has found. 

Experts from cybersecurity firm Cyberpion performed a cursory single-pass scan of the public and internet-facing assets of every Fortune 500 company in the first half of 2021.

The survey revealed that nearly three quarters (73%) of the scanned companies’ IT infrastructure exists outside their organization, of which 24% is considered at risk or has a known vulnerability.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“Security teams often can’t effectively defend against attacks stemming from third-parties because they lack visibility into the total inventory and volume of assets they are connected to. They are unaware of the exposure to these external vulnerabilities, and can’t identify and mitigate against these risks,” said Cyberpion CEO Nethanel Gelertner.

Security blind spots

Cyberpion thinks of total IT infrastructure as IT assets that are owned and operated by vendors of the Fortune 500 companies, such as servers, cloud storage, email servers, CDNs, DNS servers, and such.

The survey revealed that 71% of the total cloud-based IT assets exist outside the organization, of which 25% failed at least one security test. On average, Fortune 500s connect to about 951 cloud assets, of which nearly 5% are vulnerable to severe abuse. 

Similarly, on average, a Fortune 500 IT infrastructure is composed of about 126 different login pages for either customer or employee portals or services, and nearly 10% were found to be insecure either due to the transmission of unencrypted login data, or because of issues with SSL certificates.

“This extensive ecosystem creates an external attack surface that is uniquely appealing to hackers to attack, and extremely complicated for enterprises to manage securely,” reasons Cyberpion.

Mapping the realm

The security company argues that traditional third-party risk management solutions tend to focus on IT infrastructures that’s directly under the control of the enterprise. However this creates blind spots in the company’s defense strategy.  

Cyberpion is using the results of the survey to push for the need for external attack surface management (EASM) solutions. 

It backs its results with insights from Gartner, which stresses that “EASM should be part of a broader vulnerability and threat management effort aimed at discovering and managing internal- and external-facing assets and their potential vulnerabilities.” 

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
An illustration of a hand holding a set of keys in front of a laptop, accompanied by a padlock symbol, fingerprint, and key.
Thousands of SonicWall VPN devices are facing worrying security threats
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
Third-party data breaches have become a major security concern
Holographic representation of cloud computing over open businessman&#039;s hand
Businesses are struggling to address vulnerabilities hidden in phantom dependencies
API
Businesses are being plagued by API security risks - with nearly 99% affected
Someone using a laptop for SEO analysis.
The US energy sector is being put at risk by critical third-party vulnerabilities
Latest in Pro
Concept art representing cybersecurity principles
What businesses need for modern third-party risk management
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
Half man, half AI.
How finance teams can avoid falling behind in the AI race
eSIM
Global eSIM shipment volume surpasses half a billion units as demand keeps on growing
woman sit on couch near laptop take break reduce stress do yoga meditation exercise to calm down self control get rid of negative emotions, bad e-mail, difficult task, problems at work concept
IT industry workers hit badly by burnout, stress - but there's still potential for success
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
Latest in News
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
ChatGPT WhatsApp
New survey suggests the vast majority of iPhone and Samsung Galaxy users find AI useless – and to be honest, I’m not surprised
A hunter holds up a Grav Bowfin and smiles
How to catch a Gravid Bowfin in Monster Hunter Wilds
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 7 (game #1138)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 7 (game #369)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 7 (game #635)
More about pro
An American flag flying outside the US Capitol building against a blue sky

Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
Home internet connection. A wlan router on desk with notebook in background.

Cloudflare admits security tool is blocking some challenger browsers
Concept art representing cybersecurity principles

What businesses need for modern third-party risk management
See more latest
Most Popular
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 7 (game #369)
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 7 (game #1138)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 7 (game #635)
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
ChatGPT WhatsApp
New survey suggests the vast majority of iPhone and Samsung Galaxy users find AI useless – and to be honest, I’m not surprised
The DJI Mavic 3 Pro in flight over some mountains
Upcoming DJI Mavic 4 Pro premium drone could deliver new camera skills and LiDAR – here’s what the latest leaks tell us
A hunter holds up a Grav Bowfin and smiles
How to catch a Gravid Bowfin in Monster Hunter Wilds
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
watch back to the future online
Everything new on Prime Video in March 2025