Over 400,000 potential internet-facing vulnerabilities found in Singapore companies: Tenable

Cyber hygiene issues such as outdated software are still present within the largest organisations in Singapore.

More than 400,000 internet-facing assets across Singapore’s top 25 companies by market capitalisation are susceptible to potential exploitation, according to Tenable.

The exposure management company also found cyber hygiene issues such as outdated software, weak encryption and misconfigurations present within the largest organisations in Singapore.

For instance, organisations in the country had over 200,000 assets that still support TLS 1.0, a security protocol first defined in 1999 for establishing encrypted channels over computer networks that was disabled by Microsoft last September.

Moreover, out of the total assets Tenable examined in Singapore, over 6,000 that were initially intended for internal use have been inadvertently exposed and are now accessible externally. Not hardening these internal assets presents a substantial risk to organisations, as it effectively opens the door for malicious actors to target sensitive information and critical systems.

Tenable also identified over 6,000 application programming interfaces (APIs) within the digital infrastructure of Singapore companies. APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface. Such weaknesses can be exploited by malicious actors to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

"An alarming reality is that only a handful of organisations possess a comprehensive understanding of their complete digital footprint. One of the most prevalent and perilous security oversights is the inadvertent misconfiguration of cloud resources, making them vulnerable to the internet," says Nathan Wenzler, Tenable’s chief cybersecurity strategist.

He adds: "It is crucial for every business or government entity to possess advanced capabilities that can identify previously invisible points of vulnerability. By proactively preventing attacks rather than merely managing them, organisations can effectively safeguard their digital infrastructure."

See Also:

• Click here to stay updated with the Latest Business & Investment News in Singapore

• Companies play catch-up as cybersecurity attacks rise in digital India

• Safeguarding customer trust in the finance sector

• Why immutable backups are key in the fight against ransomware

• Read more stories about where the money flows, and analysis of the biggest market stories from Singapore and around the World

• Get in-depth insights from our expert contributors, and dive into financial and economic trends

• Follow the market issue situation with our daily updates

• Or want more Lifestyle and Passion stories? Click here