THE INTERNET-FACING ASSETS of banks in Southeast Asia, including the Philippines, are at risk of being exploited by cyberattackers due to potential vulnerabilities and weak cyber hygiene, a study by exposure management company Tenable found.
This, even as the Philippines had the lowest number of risky assets compared to other countries in the Southeast Asian region at 2,600, it said in a statement.
Tenable’s research found that there are more than 26,500 potential internet-facing assets among over 90 top banking, financial services and insurance (BFSI) companies by market capitalization in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.
Singapore had over 11,000 internet-facing assets identified across its top 16 BFSI companies, with 6,000 of those assets hosted in the United States. Next was Thailand with over 5,000 assets.
“The findings revealed that the average organization possesses nearly 300 internet-facing assets susceptible to potential exploitation. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape,” it said.
“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk… By identifying and securing vulnerable assets before they can be exploited, organizations can better protect themselves against the growing tide of cyberattacks,” Nigel Ng, senior vice-president at Tenable Asia Pacific & Japan.
The study found that banks in the region have vulnerabilities and cyber hygiene issues, including outdated software, weak encryption, and misconfigurations.
“These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risk to the integrity and security of financial data,” Tenable said.
Nearly 2,500 of the banks’ internet-facing assets supported outdated security protocols, while over 4,000 assets that were originally intended for internal use were inadvertently exposed and are now accessible externally.
“Failing to secure these internal assets poses a significant risk to organizations, as it creates an opportunity for malicious actors to target sensitive information and critical systems,” the company said.
Over 900 assets had unencrypted links, while more than 2,000 assets of the banks included in the study had application programming interface or API vulnerabilities, it added.
“Malicious actors can exploit such weaknesses to gain unauthorized access, compromise data integrity, and launch devastating cyberattacks,” Tenable said.
“By prioritizing exposure management, these organizations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment,” Mr. Ng said. — AMCS