Exposure Management Company Tenable conducted new research that uncovered over 26,500 potential internet-facing assets among Southeast Asia’s top banking, financial services, and insurance (BFSI) companies by market capitalization. This research includes Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam.
Out of six countries, Singapore ranked the highest with over 11,000 internet-facing assets identified across its top 16 BFSI companies. The Philippines ranked last with over 2,600. Despite having lower numbers in comparison, the overall distribution of internet-accessible assets highlights the need for cybersecurity strategies that can adapt to the rapidly evolving digital landscape.
“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps,” explained Nigel Ng, Senior Vice President, Tenable APJ. “By identifying and securing vulnerable assets before they can be exploited, organizations can better protect themselves against the growing tide of cyberattacks.”
Tenable identifies five main security weaknesses in the BFSI companies across SEA, which are:
- Cyber Hygiene Gaps: these include outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risks to the integrity and security of financial data.
- Weak SSL/TLS encryption: organizations had nearly 2,500 still supporting TLS 1.0—a 25-year-old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organizations with extensive internet footprints face in identifying and updating outdated technologies.
- Misconfiguration increases external exposure: over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organizations as it creates an opportunity for malicious actors to target sensitive information and critical systems.
- Lack of encryption: over 900 assets with unencrypted final URLs present a security weakness. This lack of encryption can lead to the exposure of sensitive information and can compromise the integrity of the communication.
- API vulnerabilities amplify risk: over 2,000 API v3 out of the total number of assets among organizations’ digital infrastructure pose a substantial risk to their security and operational integrity. Malicious actors can exploit such weaknesses to gain unauthorized access, compromise data integrity, and launch devastating cyber attacks.
“By prioritizing exposure management, these organizations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment,” Ng added.
To learn more about Tenable, visit its official website at https://www.tenable.com/.
Leave a comment