BusinessCyber SecurityFinance

Tenable’s Research Discovers Vulnerable Cyber Assets Across SEA’s Financial Sector

109

Exposure Management Company Tenable conducted new research that uncovered over 26,500 potential internet-facing assets among Southeast Asia’s top banking, financial services, and insurance (BFSI) companies by market capitalization. This research includes Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam. 

Out of six countries, Singapore ranked the highest with over 11,000 internet-facing assets identified across its top 16 BFSI companies. The Philippines ranked last with over 2,600. Despite having lower numbers in comparison, the overall distribution of internet-accessible assets highlights the need for cybersecurity strategies that can adapt to the rapidly evolving digital landscape.

Number of internet-facing assets amongst top 90 BFSI companies by market capitalization in SEA. (source: Tenable)

“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps,” explained Nigel Ng, Senior Vice President, Tenable APJ. “By identifying and securing vulnerable assets before they can be exploited, organizations can better protect themselves against the growing tide of cyberattacks.”

Tenable identifies five main security weaknesses in the BFSI companies across SEA, which are:

  • Cyber Hygiene Gaps: these include outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risks to the integrity and security of financial data.
  • Weak SSL/TLS encryption: organizations had nearly 2,500 still supporting TLS 1.0—a 25-year-old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organizations with extensive internet footprints face in identifying and updating outdated technologies.
  • Misconfiguration increases external exposure: over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organizations as it creates an opportunity for malicious actors to target sensitive information and critical systems.
  • Lack of encryption: over 900 assets with unencrypted final URLs present a security weakness. This lack of encryption can lead to the exposure of sensitive information and can compromise the integrity of the communication.
  • API vulnerabilities amplify risk: over 2,000 API v3 out of the total number of assets among organizations’ digital infrastructure pose a substantial risk to their security and operational integrity. Malicious actors can exploit such weaknesses to gain unauthorized access, compromise data integrity, and launch devastating cyber attacks.

“By prioritizing exposure management, these organizations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment,” Ng added.

To learn more about Tenable, visit its official website at https://www.tenable.com/.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Daddy’s Day Out is a platform that celebrates modern masculinity and offers a space where men can unite, learn, and grow together. It fosters a community where authenticity, support, and self-expression thrive unapologetically.

Related Articles

Blockchain Student Alliance: Bitskwela, Sonic Labs Launch Program to Fill Blockchain Education Gaps in Universities

Despite the growing focus on blockchain in the Philippines, Filipino-led edutech firm Bitskwela recognizes that...

ChatGenie Launches AI Tech Set to Transform the BPO Landscape and Elevates Traditional Customer Service Roles

ChatGenie, a customer engagement solutions startup, introduced an AI-powered multi-agent framework that...

Businesses in Southeast Asia Face Over 23 Million Bruteforce Attacks in 2024, Reports Kaspersky

Kaspersky reported a massive record of over 23M bruteforce attacks targeting businesses...

Kaspersky Reveals IT Security Headaches: Data Protection, Complex Tech, and Downtime

Kaspersky IT Security Economics reported most companies are most concerned about productivity loss, securing...