The average number of vulnerabilities discovered in a Cyberpion scan of external Fortune 500 networks (such as cloud systems) was 296, many critical (with the top of the scale weighing in at a staggering 7,500).
By Ran Nahmias, Co-Founder and CBO, Cyberpion
The concept of risk in enterprise IT is constantly evolving. And considering recent findings, it’s clear that there’s a risk frontier that’s been underestimated – Nth party risk.
Traditional enterprise risk management has focused on two domains: internal risk and external (vendor) risk. Yet in an era of increasingly distributed, outsourced and long-tail remote IT infrastructure, it turns out that vendors and other third parties are just the tip of the external risk iceberg. What’s more, it turns out that third, fourth, fifth (and beyond… thus, the “Nth”) parties are not so external anymore, either. Here’s what I mean.
“External” Becomes “Internal”
The concept of “internal” and “external” has been evolving, too. How significantly? To find out, we recently conducted a survey of the public and internet-facing assets of every Fortune 500 company out there.
We discovered that nearly 75 percent of the IT infrastructure of a typical Fortune 500 company is external to the