CyCognito Report Exposes Rising Software Supply Chain Threats

News provided by

CyCognito

Sep 18, 2024, 09:00 ET

Findings reveal escalating risks in the software supply chain, highlighting vulnerabilities in web servers, cryptographic protocols, and web interfaces that handle PII

PALO ALTO, Calif., Sept. 18, 2024 /PRNewswire/ -- CyCognito today announced the release of its second annual "State of External Exposure Management 2024," providing critical insights into the threats targeting external assets and the software supply chain.

Gartner reports that 60 percent of organizations work with over 1,000 third parties, many of which supply misconfigured or vulnerable hardware and software, putting customers at risk. High-profile vulnerabilities like MOVEit Transfer, Apache Log4J, and Polyfill underscore these risks—a concern further emphasized by CyCognito's report revealing that many vulnerabilities increasingly stem from third-party software.

To create this report, CyCognito's research team aggregated and analyzed over 39 million anonymized and normalized data points from its global customer base of small, medium, and large Fortune 500 companies. Key findings:

  • Web Servers Dominate Severe Issues: Web server environments, including platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, were the host of one in three (34%) of all severe issues across surveyed assets. They accounted for more severe issues than 54 other environments combined (out of 60 total environments surveyed).
  • Impact of TLS and HTTPS Protocol Vulnerabilities: 15% of all severe issues on the attack surface affect platforms using TLS or HTTPS protocols. TLS issues are significant for all network-delivered data, but web apps especially so; web apps lacking encryption are currently ranked #2 of the OWASP Top 10.
  • Insufficient WAF Protection for PII-Handling Web Interfaces: Only half of surveyed web interfaces that handle personally identifiable information (PII) were protected by a WAF.
  • Web Interfaces Lacking HTTPS and WAF Leave PII Exposed: Despite HTTPS celebrating its 30th birthday this year, almost one in three (31%) of surveyed web interfaces failed to implement it. More than 60% of these interfaces that expose PII also lack a WAF.

To download the full report, please visit this link.

About CyCognito

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit https://www.cycognito.com/

SOURCE CyCognito

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3
440k+
Newsrooms &
Influencers
icon1
9k+
Digital Media
Outlets
icon2
270k+
Journalists
Opted In
GET STARTED

Also from this source

CyCognito Report Reveals 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

CyCognito today released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily...

CyCognito Joins Wiz Integrations (WIN) Platform

CyCognito, the leader in external exposure management, today announced its partnership with leading cloud security provider Wiz and joins Wiz...
More Releases From This Source

Explore

Computer & Electronics

Computer & Electronics

Computer Software

Computer Software

Computer Software

Computer Software

High Tech Security

High Tech Security

News Releases in Similar Topics