sb-as logo
Story image

Fortune 500 companies in Japan, China & South Korea most vulnerable to attacks

17 May 2017

Could Japan, China and South Korea be Asia’s most vulnerable countries in the world to cyber attacks? A new website from Komodo Consulting suggests that amongst the world’s top Fortune 2000 companies, those with operations in the countries could be putting themselves in danger.

KomodoSec's Peta.AI Cybersecurity Exposure Site analyses vulnerabilities in Fortune 500 companies, using information from indicators across the open internet, deep web and dark net sources. 

The research and reconnaissance project was designed to showcase how organisations might appeal to an external attacker.  The appeal was determined in terms of IP addresses, sensitive open ports, vulnerable applications, infected hosts and information found in deep web forums.

“The task of identifying your ‘crown jewels’ that should be protected in these huge organizations is, by itself, a challenge,” comments Yossi Shenhav, co-founder of KomodoSec Consulting.

Amongst the top vulnerable countries, Japan ranked third; China ranked seventh and South Korea ranked tenth. The USA and Germany take out the top spots as the most vulnerable countries.

The top five best protected companies in Japan include Sumitomo Mitsui Trust (financials), Blackrock (financials), Syngenta (materials) and Mitsubishi Heavy Industries (Industrials) and Takeda Pharmaceuticals (healthcare).

In China, Cathay Financial (financials), Halliburton (energy), Mitsubishi Heavy Industries (Industrials), Danone (consumer staples) and Takeda Pharmaceutical (healthcare) were the most protected companes.

In South Korea, the top five companies include Kb Financial Group (financials), Shinhan Financial Group (financials), Citibank (financials), British American Tobacco (consumer staples) and Sk Innovation (Energy). 

In terms of sectors, telecommunications, IT and consumer goods were most exposed, mainly because their infrastructure is so big, the report found. When different teams are responsible for different parts of the company without coordination, security gaps occur.

“Many of the findings that come to light from our initial analysis are common across all organizations,” comments Boaz Shunami, CEO and co-founder of KomodoSec Consulting. 

“Organizations are often surprised with the type of data that can be passively obtained over the Internet. This may include passwords for critical systems and key personnel, information on organizational structure, and the entire perimeter and interfaces. All this information is being analyzed to create the potential attack surface and compute a risk score.”

KomodoSec recommends that organisations ensure C-level executives are kept up to date about vulnerabilities. They must also prioritize investments on threat mitigation, particularly as it grows faster and more fierce than budgets and the people skilled enough to stop threats.

Story image
Radware signs on two more clients for DDoS protection
While Radware did not share the names of its two clients, the company did explain more about the partnerships.More
Story image
Microsoft: Digital transformation doesn't make SMEs immune to cyber threats
Ricky Kapur warns that despite digital transformation every business is at risk - no matter how large or small they are.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
Acronis expands global data centre network, including new facilities in NZ
The expansion ensures that the full range of Acronis Cyber Protection Solutions will be available to partners and organisations around the world.More