Corporate networks full of CVEs: Zscaler

By Dylan Bushell-Embling
Friday, 18 June, 2021

Corporate networks are full of common vulnerabilities, leaving businesses exposed to cyber threats, according to new research from Zscaler.

An analysis of the attack surfaces of 1500 major international companies uncovered more than 202,000 common vulnerabilities and exposures (CVE), with nearly half (49%) being ranked as critical or high severity.

The Asia–Pacific companies included in the research had an average of 800 CVE possible vulnerabilities. But this placed the region’s companies in better stead than their counterparts in EMEA (164 CVEs) and the Americas (132 CVEs).

The report found nearly 400,000 servers exposed and discoverable over the internet for these companies, with 47% of supported protocols being outdated and vulnerable.

Zscaler said it had discovered particular exposure risks in public clouds, with over 60,500 exposed instances across Amazon Web Services (AWS), Microsoft Azure Cloud and Google Cloud Platform.

There was also variance in corporate attack surfaces by industry. The report found that telecommunications companies were the most vulnerable with the highest average number of outdated protocols in their servers. They also had the third-highest average of exposed servers to the internet.

But the hospitality industry had the highest average of both exposed servers and public cloud instances. The report speculates that the rush for many restaurants to offer online ordering due to the COVID-19 pandemic has left them exposed to increased risks for both businesses and customers.

“The sheer amount of information that is being shared today is concerning because it is all essentially an attack surface. Anything that can be accessed can be exploited by unauthorised or malicious users, creating new risks for businesses that don’t have complete awareness and control of their network exposure,” said Nathan Howe, Vice President for Emerging Technology at Zscaler.

“By understanding their individual attack surfaces and deploying appropriate security measures, including zero trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems or hold networks hostage for ransom.”

Image credit: ©stock.adobe.com/au/maciek905