Organizations vulnerable to software supply chain attacks

No Comments

According to Gartner, 60 percent of organizations work with over 1,000 third parties, and a new report shows many of these supply misconfigured or vulnerable hardware and software, putting customers at risk.

The study from CyCognito finds web server environments, including platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, were the host of 34 percent of all severe issues across surveyed assets. They accounted for more severe issues than 54 other environments combined (out of 60 environments surveyed),

Over half of assets related to eCommerce store or collect PII and 26 percent of PII assets are unprotected by a web application firewall (WAF). Plus only half of surveyed web interfaces that handle personally identifiable information (PII) are protected by a WAF.

Only 20 percent of eCommerce assets ask for cookie consent, potentially putting them in violation of the European Union's General Data Protection Regulation (GDPR).

Between July 2023 and June 2024, the survey finds that the majority (64 percent) of the average attack surface is made up of domains. About a fifth of all assets (20 percent) are IP addresses, 14 percent are web interfaces, and just two percent are certificates.

Part of the problem is that world isn't standing still, organizations' attack surfaces changed by 4.5 percent each month over the study period. This can lead to unchecked or unnoticed growth in the attack surface.

The report's authors conclude, "Managing the ceaseless fluctuation of the modern external attack surface remains a challenge for organizations. In this report, we’ve identified traits that can signal that assets are under- or unprotected and demonstrated the tangible benefits of going beyond CVSS and EPSS when it comes to prioritizing your teams’ work. Organizations must go beyond simply indexing their assets and engage in true exposure management practices by identifying, testing, and prioritizing the remediation of high value assets."

You can get the full report from the CyCognito site.

Image credit: Acnalesky/Dreamstime.com

No Comments
Got News? Contact Us

Recent Headlines

Aluratek PicStick transforms any TV into a wireless digital photo frame

UK public worried about cyberwarfare

Scratch that! We’re actually no wiser about when Microsoft plans to release the Windows 11 24H2 update

Reolink Battery Doorbell now available

Logitech introduces Signature Slim Combo MK955 for Business Copilot Edition

GNOME 47 Denver transforms the Linux desktop with new features and improved performance

Shining a light on spyware -- how to keep high-risk individuals safe

Most Commented Stories

Windows 12.1 is everything Windows 11 should be -- and the Microsoft operating system we need!

37 Comments

10 shocking reasons Windows 10 outshines Windows 11

22 Comments

Rectify11 update arrives to fix Windows 11 -- download it now

20 Comments

Apple Intelligence will launch in beta and that’s unacceptable for a trillion-dollar company

16 Comments

Forget TeamViewer, RustDesk is the open-source alternative you've been looking for

15 Comments

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.6.1

14 Comments

Microsoft is bringing ads to the Windows 10 Start menu, just like in Windows 11

11 Comments

Donald Trump vs. Kamala Harris: Google ramps up efforts to protect Presidential Election integrity

11 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.