LONDON – October 17, 2017 – Unpatched web infrastructure and de-centralised web management practices are leaving UK organisations vulnerable to cyber-attacks and high-profile data breaches. New RiskIQ research reveals a loss of control amongst the FT30, expanding their digital attack surface and opening doors to cyber criminals.
New insight exposes five key areas leaving businesses exposed to cyber-attack as a result of increasing digital transformation, including: servers and frameworks, certificates, test sites, data collection, and web management. Cyber criminals are constantly researching organisations’ digital footprints and exploiting known vulnerabilities. Worryingly, RiskIQ discovered 5,127 at-risk servers and 2,045 at-risk frameworks among the UK’s top 30 firms. This is an average of 171 at-risk servers and 68 at-risk frameworks per organisation.
When assessing the public websites of the FT30, a total of 99,467 live websites were discovered; an average of 3,315 websites per business. Such expansive digital presence is the result of digital transformation efforts which can often result in the loss of security control, leading to opportunities for cyber adversaries to exploit weaknesses and access critical business and customer information.
Whilst businesses continue to be exposed to risk outside of the firewall, there is simultaneously an impact on consumer trust and long-term business success. For example, expired or untrusted certificates result in warning messages that dent consumer confidence and can lead to disengagement. The research uncovered an average of 35 expired certificates and 250 untrusted certificates per organization.
Risk is also present when it comes to data collection within the FT30. If done insecurely, this can lead to loss or fraudulent use of customer data, whilst impacting a business’s reputation and revenue. A total of 13,194 instances of data collection through login or input forms were discovered, of which over a quarter (29%) had no encryption, and 5% were using old encryption algorithms or expired certificates.
Fabien Libeau, VP RiskIQ, EMEA, says, “Gaining visibility over an ever-expanding web presence isn’t a simple task. We have recently seen the consequence of Equifax losing control of its infrastructure and web assets before falling victim to cyber-crime and impacting millions of customers. It is crucial that other organisations don’t follow suit by ensuring their digital attack surface is constantly monitored, kept under control and secure from cyber adversaries on the prowl.”
The full UK FT30 report and findings can be found here: https://www.riskiq.com/wp-content/uploads/2017/10/Understanding-Your-Attack-Surface-RiskIQ-Report-A4.pdf
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures. Visit RiskIQ.com or follow us on Twitter.
Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community
To learn more about RiskIQ, visit www.riskiq.com.