A recent cybersecurity study has highlighted a concerning crisis of vulnerabilities impacting web applications. CyCognito’s semi-annual report on the State of External Exposure Management revealed a troubling landscape of digital threats across public cloud, mobile, and web platforms.
The analysis of 3.5 million assets, including prominent Fortune 500 entities, unveiled a precarious state of data security. Notably, the study found that a significant 74% of assets containing personal identifiable information (PII) are vulnerable to well-known, significant exploits. Moreover, one in every ten of these assets possesses easily exploitable weaknesses, raising concerns about data privacy and protection.
Callie Guenther, a senior manager in cyber-threat research at Critical Start, remarked on the alarming vulnerability of PII, emphasizing the urgent need for improved external exposure management.
The research also highlighted the critical vulnerabilities inherent in web applications, with 70% of such applications exhibiting severe security gaps, lacking essential safeguards like Web Application Firewall (WAF) protection and HTTPS encryption. An additional concern is that 25% of web applications lack both protective measures simultaneously.
The scale of the issue becomes evident in the report, revealing that the average global enterprise manages over 12,000 web applications, with more than 3,000 of these being susceptible to exploitable or high-risk vulnerabilities.
A significant portion of these vulnerable web applications is hosted in cloud environments. To address these concerns, experts recommend a comprehensive strategy, including regular vulnerability scans, timely patching, multi-factor authentication (MFA) for enhanced access control, robust encryption for data in transit and at rest, and continuous staff training on data protection and threat awareness. Mitigation efforts also involve focusing on choke points for remediation and adhering to the principle of least privilege.