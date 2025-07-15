Internet-exposed assets reveal industry vulnerability profiles

No Comments

New analysis from CyCognito of over two million internet-exposed assets, across on-prem, cloud, APIs, and web apps, identifies exploitable assets across several key industries, using techniques that simulate real-world attacker behavior.

Techniques used include black-box pentesting using 90,000+ exploit modules, credential stuffing simulations, data exposure detection, etc. The study also used Dynamic Application Security Testing (DAST) to identify runtime web application vulnerabilities, as well as active vulnerability scanning of internet-facing services to detect CVEs, misconfigurations, and exposed assets.

Cloud assets account for 13.6 percent of those exposed, APIs 20.8 percent and web applications 19.6 percent. The proliferation of APIs and web apps, especially via shadow IT and third-party integrations, makes them easy to introduce but hard to govern.

Education is the sector with the highest exposure of vulnerable assets (31 percent), followed by professional services (28 percent) and retail (27 percent). Government (26 percent) and media (21 percent) round out the top five.

Risk signatures vary between sectors, for education, it’s often the concentration of sensitive personal data on undermanaged and outdated systems. For retail, it’s the reliance on interconnected vendors and e-commerce platforms that expand the attack surface. For government systems, it’s often the combination of legacy technology and publicly exposed services that creates points of vulnerability.

The context of who owns an exposed asset, what it does, and especially how attackers see it in the context of a broader network is where exposure management needs to focus.

Zohar Venturero, data scientist at CyCognito writes on the company’s blog, “By contributing our findings, we hope to support a broader awareness, helping defenders, decision-makers, and organizations make more informed choices. We believe that shared insight leads to shared resilience. The more viewpoints we bring together, the better equipped we are to protect what matters.”

You can read more on the CyCognito blog.

Image credit: Nmedia/Dreamstime.com

No Comments
Got News? Contact Us

Recent Headlines

Internet-exposed assets reveal industry vulnerability profiles

Analysis of breached passwords shows almost all are weak

Google launches new AI security initiatives

NetSpot 5.0 can identify Wi-Fi dead spots -- download it now and fix your spotty wireless coverage

Encryption adoption up but sensitive data is still at risk

Security teams struggle to prioritize and patch vulnerabilities

Facebook introduces the biggest change to text posts in years

Most Commented Stories

Windows 11 25H2 has a new option to remove all unwanted Microsoft apps

38 Comments

Betanews Is Growing Alongside You

37 Comments

16 Billion Passwords Exposed: Major Leak Hits Apple, Facebook and Google Users 

16 Comments

Will Windows 10 stop working? See if your PC will survive the switch to Windows 11

9 Comments

Half of Americans think AI is a threat, the other half don't. Who's right?

8 Comments

Apple’s Liquid Glass Control Center Gets a Much-Needed Fix in iOS 26 Beta 2

6 Comments

Apple’s CarPlay Ultra Comes to a Halt as Industry Giants Start Changing Their Minds

6 Comments

Never mind Windows 11, Windows Classic Remastered is the nostalgic Microsoft operating system you didn't know you wanted

6 Comments

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.