It was the worst of times; the age of cyber vulnerability; and cyber exposure was given a superlative degree of comparison…

On June 28 this year, cyber research conducted by a cyber exposure management firm asserted that the top 25 organizations (by published market capitalization rankings) in four countries in the region were exposed to more than 1m combined potential internet-facing vulnerabilities.

Australia topped the list with 290,000 internet-facing vulnerabilities, while India had 300,000; Japan had 120,000; Singapore had 400,000.

The research found a number of cyber hygiene issues, such as outdated software, weak encryption and misconfigurations, present within the largest organizations analyzed. Grouped by category, the vulnerabilities were:

    1. Weak SSL/TLS encryption

      Out of the total number of assets in Singapore, organizations covered in the research had over 200,000 that still supported TLS 1.0, which Microsoft had already disabled in September 2022.

    2. Outdated version of Log4j in use

      By relying on outdated versions of Log4j, organizations are exposed to potential cybersecurity breaches.

    3. Misconfigurations

      In this type of vulnerability, digital assets intended for internal use were inadvertently exposed and accessible externally. Not hardening these internal assets presents a substantial risk to organizations, as it effectively opens the door for malicious actors to target sensitive information and critical systems.

    4. API vulnerabilities

      Over 6,000 application programming interfaces (APIs) identified among the total number of assets in organizations’ digital infrastructure in Singapore, for example, posed a substantial risk to their security and operational integrity.

      Inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations had created a vulnerable attack surface in the organizations analyzed. Such weaknesses can be exploited by malicious actors to gain unauthorized access, compromise data integrity, and launch devastating cyberattacks.

According to Nigel Ng, Senior Vice President, Tenable (APJ), which commissioned the research:

Despite its status as an advanced digital economy, Singapore emerged with the highest number of vulnerabilities among the countries studied. Companies must act now to gain better visibility of their potential attack surfaces, and work to better manage risks and prioritize mitigation. – Nigel Ng, Senior Vice President, Tenable (APJ)

One of the most prevalent and perilous security oversights discovered in the research was the inadvertent misconfiguration of cloud resources. It is therefore crucial for every business or government entity to possess advanced capabilities that can identify previously invisible points of vulnerability, according to the firm.