Who We Are
- - The Global Cyber Alliance has a singular purpose: to reduce cyber risk. Learn about our goals, our impact, and meet the minds behind our mission.
Programs & Initiatives
- - At GCA, our core programs – Internet Integrity and Capacity & Resilience – aim to tackle key challenges of interent infrastructure, privacy, and safety.
- - Internet Integrity Program
    - Domain Trust
    - AIDE
  - Cyber Civil Defense
- - Capacity & Resilience Program
    - GCA Toolkits
    - Actionable Cybersecurity Tools
Tools
- - We create free, useful tools that make a real impact on improving security for organizations and individuals. Explore our tools here.
Get Involved
- - There are many ways that you can become part of our global effort. Whether it’s using one of our tools to help improve your own cybersecurity, partnering with us on cutting edge projects, or investing resources, your involvement is what makes our success possible!
- - Use a Tool
  - Become a Partner
- - Community Forum
  - Donate
News & Events
- - Explore the latest news from across the GCA community, find upcoming webinars and local events, and dive deeper into resource content.
- - News
  - Events
- - Blog
  - Reports & Publications

Who We Are
- - The Global Cyber Alliance has a singular purpose: to reduce cyber risk. Learn about our goals, our impact, and meet the minds behind our mission.
Programs & Initiatives
- - At GCA, our core programs – Internet Integrity and Capacity & Resilience – aim to tackle key challenges of interent infrastructure, privacy, and safety.
- - Internet Integrity Program
    - Domain Trust
    - AIDE
  - Cyber Civil Defense
- - Capacity & Resilience Program
    - GCA Toolkits
    - Actionable Cybersecurity Tools
Tools
- - We create free, useful tools that make a real impact on improving security for organizations and individuals. Explore our tools here.
Get Involved
- - There are many ways that you can become part of our global effort. Whether it’s using one of our tools to help improve your own cybersecurity, partnering with us on cutting edge projects, or investing resources, your involvement is what makes our success possible!
- - Use a Tool
  - Become a Partner
- - Community Forum
  - Donate
News & Events
- - Explore the latest news from across the GCA community, find upcoming webinars and local events, and dive deeper into resource content.
- - News
  - Events
- - Blog
  - Reports & Publications

Blog

Abandoned Web Applications: Achilles' Heel of FT 500 Companies

By

November 13, 2018

Abandoned Web Applications Jeopardize Corporate Cybersecurity

Web security company High-Tech Bridge, a Geneva-based GCA member, has recently produced a research of FT 500 companies in the US and EU.

Using a non-intrusive portfolio of free products, they questioned how many external web applications, web services, domain names, and unprotected cloud storage is attributable to the largest companies without access to any internal information. Unsurprisingly – quite a lot, and very few of those are secure. The numbers reveal that:

70% of FT 500 can find access to some of their websites being sold on Dark Web
92% of external web applications have exploitable security flaws or weaknesses
19% of the companies have external unprotected cloud storage
2% of external web applications are properly protected with a WAF
Every single company has some non-compliances with GDPR

The shocking numbers are largely explained by intricate IT infrastructures of large organizations, human weaknesses and lack of continuous monitoring. Shadow, legacy, and abandoned web applications open the door to corporate crown jewels, being abandoned without due maintenance and protection.

Worse, such applications frequently contain confidential data, including PII or even financial records. According to industry analyst firm Gartner, by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.

The full version of High-Tech Bridge’s research is available here.

cyber cyber security cybersecurity High-Tech Bridge web security

Back to Blog Next Post