Press Release

CyCognito Report Exposes Rising Software Supply Chain Threats

Findings reveal escalating risks in the software supply chain, highlighting vulnerabilities in web servers, cryptographic protocols, and web interfaces that handle PII

Palo Alto, California – September 18, 2024

CyCognito today announced the release of its second annual "State of External Exposure Management 2024," providing critical insights into the threats targeting external assets and the software supply chain.

Gartner reports that 60 percent of organizations work with over 1,000 third parties, many of which supply misconfigured or vulnerable hardware and software, putting customers at risk. High-profile vulnerabilities like MOVEit Transfer, Apache Log4J, and Polyfill underscore these risks—a concern further emphasized by CyCognito's report revealing that many vulnerabilities increasingly stem from third-party software.

To create this report, CyCognito's research team aggregated and analyzed over 39 million anonymized and normalized data points from its global customer base of small, medium, and large Fortune 500 companies. Key findings:

  • Web Servers Dominate Severe Issues: Web server environments, including platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, hosted one in three (34%) of all severe issues across surveyed assets. They accounted for more severe issues than 54 other environments combined (out of 60 total environments surveyed).
  • Impact of TLS and HTTPS Protocol Vulnerabilities: 15% of all severe issues on the attack surface affect platforms using TLS or HTTPS protocols. TLS issues are significant for all network-delivered data, and especially for web apps; web apps lacking encryption are currently ranked #2 of the OWASP Top 10.
  • Insufficient WAF Protection for PII-Handling Web Interfaces: Only half of surveyed web interfaces that handle personally identifiable information (PII) were protected by a WAF.
  • Web Interfaces Lacking HTTPS and WAF Leave PII Exposed: Despite HTTPS celebrating its 30th birthday this year, almost one in three (31%) of surveyed web interfaces failed to implement it. More than 60% of these interfaces that expose PII also lack a WAF.

To download the full report, please visit this link.

About CyCognito

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit https://www.cycognito.com

Media Contact
Ignacio Ramirez

Switch PR
(415) 517-6708
