Over 400,000 potential internet-facing vulnerabilities found in Singapore companies: Tenable

For instance, organisations in the country had over 200,000 assets that still support TLS 1.0, a security protocol first defined in 1999 for establishing encrypted channels over computer networks that was disabled by Microsoft last September.

Moreover, out of the total assets Tenable examined in Singapore, over 6,000 that were initially intended for internal use have been inadvertently exposed and are now accessible externally. Not hardening these internal assets presents a substantial risk to organisations, as it effectively opens the door for malicious actors to target sensitive information and critical systems.

Tenable also identified over 6,000 application programming interfaces (APIs) within the digital infrastructure of Singapore companies. APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface. Such weaknesses can be exploited by malicious actors to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

"An alarming reality is that only a handful of organisations possess a comprehensive understanding of their complete digital footprint. One of the most prevalent and perilous security oversights is the inadvertent misconfiguration of cloud resources, making them vulnerable to the internet," says Nathan Wenzler, Tenable’s chief cybersecurity strategist.

See also: Younger consumers in Singapore more receptive towards AI agents

He adds: "It is crucial for every business or government entity to possess advanced capabilities that can identify previously invisible points of vulnerability. By proactively preventing attacks rather than merely managing them, organisations can effectively safeguard their digital infrastructure."