Digital hygiene in enterprises

ThingsRecon's study reveals alarming levels of digital hygiene issues, urging enterprises to prioritise their cybersecurity practices.


ThingsRecon, a leader in external attack surface discovery and supply chain intelligence, has recently published the findings from its first industry-wide study. The research investigated the state of digital hygiene across enterprises, analysing over 770,000 digital assets encompassing applications, domains, IPs, scripts, and certificates from various organisations.

The results were startling, uncovering more than 800,000 high-severity hygiene issues. With more issues than assets, the study highlights that, on average, every digital asset is burdened by at least one serious weakness. Such alarming figures raise serious concerns regarding enterprise-level cybersecurity practices.

Key findings of the study outline:

  • Every examined application revealed over one issue on average, indicating a 110% issue density.
  • Nearly two-thirds of domains demonstrated multiple weaknesses with a 165% issue density.
  • One-third of certificates were misconfigured, posing significant risks.

Specific cases within organisations brought further clarity to the gravity of the situation. In one scenario, an organisation operating 2,700 applications had 21 exposing unencrypted login forms, leaving credentials vulnerable to interception. Elsewhere, 1,100 dangling DNS records were discovered amongst 6,000 applications, with almost one in five apps carrying an exploitable misconfiguration.

Chief Product Officer and Co-Founder of ThingsRecon, Stephane Konarkowski, remarked that "These results show that cyber hygiene failures are systemic, not isolated". Problems identified, such as unencrypted logins and dangling DNS records, show how attackers can exploit fundamental mistakes rather than relying on sophisticated methods.

Overall, the study focused only on high-severity hygiene issues affecting applications, domains, and certificates. Medium- and low-level concerns, APIs, software, third-party components, public IP infrastructure, and traditional software vulnerabilities were not included. This caveat suggests that the actual scale of weaknesses is far greater than the alarming 800,000 reported.

As Stephane further confirmed, "Our findings highlight that enterprises urgently need continuous, external visibility of their digital surfaces. Even the world's largest organisations are overlooking fundamentals that create real-world risk."
