The largest organisations in Australia have a number of cyber hygiene problems, including out-of-date software, weak encryption, and misconfigurations, according to recent research by Tenable®, Inc., the Exposure Management company.

A review of the external attack surface of 25 Australian organisations with the highest market capitalisation [as listed on Market Index] was done on June 28, 2023. According to the findings, the average organisation has nearly 12,000 internet-facing assets that could be exploited, for a total of more than 290,000 assets among the study group. These results highlight the massive cybersecurity architecture that businesses must protect in order to safeguard sensitive information and important systems.

In 2017, Australia reported 76,000 cyberattacks, or one every seven minutes, according to Scott McKinnel, Country Manager ANZ for Tenable. These recent high-profile cyberattacks serve as a sobering reminder that criminals only need to be successful once, whereas defences must ensure cybersecurity is effective at all times. The foundation of Australia's digital security is a thorough understanding of the attack surface and every potential entry point.

Weak SSL/TLS encryption 

One striking observation is that out of the total number of assets for all companies tracked, organisations had over 9,500 web-based assets that still support TLS 1.0 [a security protocol first defined in 1999 for establishing encrypted channels over computer networks] that was disabled by Microsoft in September [2022]. This is just one example demonstrating how challenging it’s become for organisations with large internet footprints to identify and update outdated technology.

Outdated version of Log4J still presentThe examination revealed that out of the total assets for all companies tracked, more than 8,000 assets are susceptible to the Log4J vulnerability. This alarming finding highlights a significant concern, as known vulnerabilities like Log4J are the primary cause of a majority of cyberattacks. By relying on outdated versions of Log4J, organizations are leaving themselves exposed to potential cybersecurity breaches. 

Misconfiguration increases external exposureAnother concerning finding was that over 12,000 assets out of the total, initially intended for internal use, have been inadvertently exposed and are now accessible externally. Not hardening these internal assets presents a substantial risk to organisations, as it effectively opens the door for malicious actors to target sensitive information and critical systems.  

API vulnerabilities amplify risk

Furthermore, the identification of more than 4,000 APIs out of the total number of assets among organisations' digital infrastructure poses a substantial risk to their security and operational integrity. APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API implementations create a vulnerable attack surface. Such weaknesses can be exploited by malicious actors to gain unauthorised access, compromise data integrity, and launch devastating cyberattacks. "An alarming reality is that only a handful of organisations possess a comprehensive understanding of their complete digital footprint. One of the most prevalent and perilous security oversights is the inadvertent misconfiguration of cloud resources, making them vulnerable to the internet," highlighted Nathan Wenzler, Chief Cybersecurity Strategist at Tenable. "It is crucial for every business or government entity to possess advanced capabilities that can identify previously invisible points of vulnerability. By proactively preventing attacks rather than merely managing them, organisations can effectively safeguard their digital infrastructure."

About Tenable

Tenable® is the Exposure Management company. Approximately 43,000 organisations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

Got a news tip for our journalists? Share it with us anonymously here.

Send press releases to [email protected]. Other ways to contact us. Editorially, we may rewrite headlines and descriptions.

Recommend Redwires AU: Accessible News For Young Cybersecurity Aussies

Redwires AU provides Young Australians with easily accessible, curated cybersecurity news.

Before you go..

You can get RedWires AU for free right now. Your donation, no matter how big or small, will help us keep doing honest journalism.

The readers of Redwires AU are the engine that drives our publication. Add your support to the effort to create a sustainable future for journalism that does not make compromises in the AU.

In the world we live in now, accurate and thorough reporting and analysis are becoming more and more critical. To stop the spread of false information, it's essential that everyone in Australia has access to good reporting.

The Redwires AU contributes to society by opening up access to information and resources for all people, rather than just a select few.

Our only goal is to educate the general public more thoroughly. If you believe in what we're trying to accomplish here, please consider making a contribution right away to ensure our success in the years to come.

Upgrade your subscription to get the most out of it. Join the growing number of people around the world who believe in the power of independent media.