Abandoned Web Applications: Achilles' Heel of FT 500 Companies

November 13, 2018

Abandoned Web Applications Jeopardize Corporate Cybersecurity


Web security company High-Tech Bridge, a Geneva-based GCA member, has recently published research on FT 500 companies in the US and EU.

Using a non-intrusive portfolio of free products, they examined how many external web applications, web services and domain names, and how much unprotected cloud storage, can be attributed to the largest companies without access to any internal information. Unsurprisingly, quite a lot, and very few of those are secure. The numbers reveal that:

  • 70% of FT 500 companies can find access to some of their websites being sold on the Dark Web
  • 92% of external web applications have exploitable security flaws or weaknesses
  • 19% of the companies have external unprotected cloud storage
  • 2% of external web applications are properly protected with a WAF
  • Every single company has some GDPR non-compliance

The shocking numbers are largely explained by the intricate IT infrastructures of large organizations, human weaknesses and a lack of continuous monitoring. Shadow, legacy, and abandoned web applications, left without due maintenance and protection, open the door to corporate crown jewels.

Worse, such applications frequently contain confidential data, including PII or even financial records. According to industry analyst firm Gartner, by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.

The full version of High-Tech Bridge’s research is available here.