Singapore – As email breaches now become a major source of cyber risk, the latest data from digital forensics and cybersecurity firm Blackpanda revealed that compromised assets or email breaches ranked first among the top three major cyber vulnerabilities.
According to the report, the other two include exposed web services and known software vulnerabilities.
Data from the findings also highlighted that a substantial figure of 71.68% of the total risk level originates from email breaches or compromised assets, which the organisation emphasises as the most prevalent vulnerability.
Email breaches, as per the report, can also serve as a primary source for phishing or compromised networks, leading to corporate data leakage.
Moreover, it was noted that exposed web services constitute 69.92% of high-risk exposed services issues. Vulnerabilities in web services also indicate a widespread vulnerability to web-based attacks, which can disrupt operations and compromise customer data.
Known software vulnerabilities, on the other hand, are of a medium-risk level and account for 59.96% of system security issues. These vulnerabilities could be common concerns for software vendors and organisations.
Additionally, the report identified database and remote access services vulnerabilities as threats to organisations, along with system services and DNS configuration issues. The underlying risks from software misconfiguration and SSL/TLS configuration gaps can lead to severe breaches if not promptly addressed.
Evelyn Del Monte, managing director at Blackpanda Philippines, said, “In the Philippines, we see a significant number of high-severity vulnerabilities that allow attackers to compromise administrative credentials, gain unauthorised access to email accounts, or disrupt server operations.”
Gene Yu, CEO at Blackpanda Group, also commented, saying, “The majority of the cyber incidents we encounter can be traced back to fundamental vulnerabilities that remain unpatched.”
The said report utilised an in-house external attack surface management scan to identify top vulnerabilities that represent significant risk levels where threats are recommended to be resolved as soon as practicable or within a matter of days to prevent potential infiltration by attackers to launch an attack.
