Singapore’s Top Companies Exposed to Over 400,000 Internet-Facing Vulnerabilities, Study Reveals

Unveiling Singapore’s cyber vulnerabilities: study reveals outdated software, weak encryption, and misconfigurations leave organizations exposed.

Singapore, known for its advanced digital economy, is facing a pressing cybersecurity challenge, according to a recent study conducted by Tenable, Inc. The research uncovered more than 400,000 potential internet-facing vulnerabilities among the top 25 companies in Singapore based on market capitalization.

On June 28, 2023, Tenable examined the external attack surface of these organizations and discovered that, on average, each organization possesses nearly 16,000 internet-facing assets susceptible to potential exploitation. This staggering number adds up to over 400,000 assets collectively across the study group.

Nigel Ng, Senior Vice President of Tenable APJ, emphasized the critical importance of cybersecurity architecture in Singapore’s rapidly growing and interconnected digital landscape. As digital adoption continues to expand, the need for robust protection of sensitive data and critical systems cannot be underestimated.

The Tenable study shed light on several cyber hygiene issues prevalent among Singapore’s largest organizations. These issues include outdated software, weak encryption, and misconfigurations, which create attractive entry points for cybercriminals seeking to exploit vulnerabilities.

The study also compared the number of internet-facing vulnerabilities among the top 25 organizations in several countries. Surprisingly, Singapore emerged with the highest number of vulnerabilities, surpassing countries like Australia, India, and Japan. This finding serves as a wake-up call for Singaporean organizations to acknowledge the potential risks associated with every internet-facing asset they possess.

Nigel Ng further urged companies to proactively address these vulnerabilities, emphasizing the need for better visibility of their potential attack surfaces. By gaining a comprehensive understanding of their digital footprint, organizations can prioritize risk mitigation and take necessary measures to protect their valuable assets.

The Tenable study highlighted specific vulnerabilities within Singapore’s digital infrastructure. For instance, over 200,000 assets still support TLS 1.0, a security protocol disabled by Microsoft in September 2022. Outdated software, such as the Log4J vulnerability, poses significant risks as it remains present in over 8,000 assets.

Additionally, the study revealed that more than 6,000 internal assets, initially intended for internal use, have inadvertently been exposed externally. This misconfiguration increases the vulnerability of organizations, leaving them susceptible to potential data breaches and attacks.

Furthermore, the identification of over 6,000 APIs within the digital infrastructure of organizations in Singapore amplifies the risk. Inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in API v3 implementations create a vulnerable attack surface, which can be exploited by malicious actors.

Nathan Wenzler, Chief Cybersecurity Strategist at Tenable, emphasized the importance of comprehensive understanding of the digital footprint. He highlighted the risks associated with inadvertent misconfiguration of cloud resources and stressed the need for advanced capabilities to identify previously invisible vulnerabilities.

Taking a proactive approach to preventing attacks, rather than simply managing them, is crucial for safeguarding digital infrastructure. Businesses and government entities must prioritize advanced security measures to ensure the integrity and protection of their systems and data.

As Singapore continues its digital transformation journey, addressing these vulnerabilities and strengthening cybersecurity measures are paramount. By doing so, organizations can safeguard their critical assets, maintain trust, and uphold Singapore’s reputation as a leading digital economy.