Could Japan, China and South Korea be Asia’s most vulnerable countries in the world to cyber attacks? A new website from Komodo Consulting suggests that amongst the world’s top Fortune 2000 companies, those with operations in the countries could be putting themselves in danger.
KomodoSec's Peta.AI Cybersecurity Exposure Site analyses vulnerabilities in Fortune 500 companies, using information from indicators across the open internet, deep web and dark net sources.
The research and reconnaissance project was designed to showcase how organisations might appeal to an external attacker. The appeal was determined in terms of IP addresses, sensitive open ports, vulnerable applications, infected hosts and information found in deep web forums.
“The task of identifying your ‘crown jewels’ that should be protected in these huge organizations is, by itself, a challenge,” comments Yossi Shenhav, co-founder of KomodoSec Consulting.
Amongst the top vulnerable countries, Japan ranked third; China ranked seventh and South Korea ranked tenth. The USA and Germany take out the top spots as the most vulnerable countries.
The top five best protected companies in Japan include Sumitomo Mitsui Trust (financials), Blackrock (financials), Syngenta (materials) and Mitsubishi Heavy Industries (Industrials) and Takeda Pharmaceuticals (healthcare).
In China, Cathay Financial (financials), Halliburton (energy), Mitsubishi Heavy Industries (Industrials), Danone (consumer staples) and Takeda Pharmaceutical (healthcare) were the most protected companes.
In South Korea, the top five companies include Kb Financial Group (financials), Shinhan Financial Group (financials), Citibank (financials), British American Tobacco (consumer staples) and Sk Innovation (Energy).
In terms of sectors, telecommunications, IT and consumer goods were most exposed, mainly because their infrastructure is so big, the report found. When different teams are responsible for different parts of the company without coordination, security gaps occur.
“Many of the findings that come to light from our initial analysis are common across all organizations,” comments Boaz Shunami, CEO and co-founder of KomodoSec Consulting.
“Organizations are often surprised with the type of data that can be passively obtained over the Internet. This may include passwords for critical systems and key personnel, information on organizational structure, and the entire perimeter and interfaces. All this information is being analyzed to create the potential attack surface and compute a risk score.”
KomodoSec recommends that organisations ensure C-level executives are kept up to date about vulnerabilities. They must also prioritize investments on threat mitigation, particularly as it grows faster and more fierce than budgets and the people skilled enough to stop threats.