Cyberpion Discovers 148,000 Critical Vulnerabilities Across Fortune 500 Organizations

Cyberpion Discovers 148,000 Critical Vulnerabilities Across Fortune 500 Organizations

KIRKLAND, Wash., Dec. 6, 2022 -- Cyberpion, a cybersecurity leader in external attack surface management (EASM), revealed today its analysis of public and internet-facing assets of 471 of the Fortune 500, which discovered more than 148,000 critical vulnerabilities, with an average of 476 per organization. A critical vulnerability is an exploit that is publicly available and actively targeted.

Cyberpion's enterprise research follows the recent Cybersecurity and Infrastructure Security Agency's (CISA) binding Operational Directive for federal government networks. The Directive focuses on "two core activities essential to improving operational visibility for a successful cybersecurity program: asset discovery and vulnerability enumeration."

"Our findings show that Fortune 500 organizations should follow CISA's lead," said Nethanel Gelernter, Cyberpion co-founder and CEO. "They are recognizing the importance of comprehensive attack surface visibility and risk exposure. With the adoption of new technologies, distributed employees and customers, and ever-growing engagement of third-party partners, exposed assets are often unknown to and unmanaged by IT and security teams. As CISA makes clear, this presents an unacceptable level of risk."

Additional key findings include:

  • 98% had critically vulnerable internal assets, with an average of 476 per organization.
  • 62% had critical risky connections with an average of eight and a maximum of 350.
  • 95% had expired certificates and 85% had exposed login pages accessible over HTTP.

To reduce these risks, organizations need complete visibility over their entire external attack surface. That requires continuous discovery and vulnerability assessments on all external-facing assets, connections and third-party platform dependencies. Only with a comprehensive, up-to-date, prioritized, and actionable inventory of assets and services and their potential vulnerabilities, can security teams have a clear idea of the actions required to resolve them before they can be exploited.

To learn more about Cyberpion's findings, attend "The State of Fortune 500 Attack Surface Threats" webinar being held Wednesday, Dec. 7 at 1 p.m. ET. Register here.

About Cyberpion

Cyberpion solves the rising cybersecurity challenge of understanding the risks and vulnerabilities of connected online assets that form your external attack surface. We strengthen your security posture by continuously discovering, inventorizing, monitoring and assessing the threat vectors present throughout online ecosystems outside the traditional security perimeter to prevent attacks. The company is privately held with funding led by U.S. Venture Partners, Team8 and Hyperwise. To learn more, visit, and follow us on Twitter and LinkedIn.

Michelle Baum