Attack Surface Report

Cosmos: Protecting the Perimeter

To best understand the vulnerability landscape that organizations are up against, Bishop Fox meticulously examined 17,000 data points, extracted from over 110 billion automations, within a 12-month period derived from our attack surface management platform, Cosmos. From there, we developed a comprehensive propensity model that allows security and organizational leadership to visualize the potential impact of leaving vulnerable exposures to chance.

In our analysis, we explore: 

  • The growing window of exploitability across expanding attack surfaces
  • Six considerations that guide security teams on how to implement technologies that minimize perimeter exposures
  • Insights that reveal the exposures that are slipping through the cracks, their relative severity, comparisons across industries, and the ultimate impact on a business

Get the Report

By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy.


Defend Forward With New Insights Into Attack Surface Exposures

Calendar Icon.

1/425 publicly accessible assets will become exploitable over a 12-month period

Process icon.

32% of exposures found are categorized as misconfigurations

Warning sign icon.

20% of all findings are rated as critical or high in severity

Which Exposures Are Most Impactful?

Industry Breakdown by Exposure Severity

Looking at exposure severity distribution from an industry perspective, this is where the race against time starts to really come into play. Utilities rated very high in terms of number of exposures at 1,039, but only 9% of those total exposures have a critical or high severity rating, meaning that there are few instances where attackers have unabated, business impactful access to infrastructure in this industry. 

On the other hand, while the number of Software and Services findings are significantly lower, the severity of those exposures tells a different story – indicative of a more vulnerable attack surface than meets the eye. Exposure severity clocked in at 26% for both critical and high ratings, highlighting this industry as the second highest ranked based on exposure severity.

Which Exposures Are Most Prevalent?

Industry Breakdown by Exposure Category

Looking at the exposures found categorically starts to paint a more detailed picture of the real dangers at hand. We’ve grouped our exposure findings into five categories with associated percentages to further analyze vulnerabilities across attack surfaces. 

When analyzing the distribution across industries, it is evident that types of exposures vary greatly. For instance, the Utilities sector is most susceptible to vulnerable configurations (63%), while the Telecom industry is more susceptible to exposures related to sensitive information disclosure and insecure/exposed web service (66%).


Exploitable Exposures for Publicly Facing Assets

To visualize the real world business impacts of leaving exposures to chance, we produced a large-scale illustration of our findings in a propensity model at 100k publicly facing assets. 

Here's what we found: 

  • 235 exposures will become exploitable across all industries over a 12-month period. 
  • Financial Services has a better track record than the industry average (119 exposures), no doubt due to good hygiene and mature security programs. 
  • However, Manufacturing stands at a significantly higher risk with 1,043 exposures.
Webcast title in Futuristic Neon lettering: Achieving Warp Speed to Continuous Penetration Testing: How to Calculate ROI for your Organization.


Continuous Testing: How to Calculate ROI for Your Business

As attack surfaces rapidly expand and adversaries up the ante, our approach to security must evolve faster than ever. But justifying security solutions can be an uphill battle without knowing the impact it will have on your business.

Use our customizable calculation method to determine your ROI for a continuous offensive testing solution, which is purposefully designed based on cost savings and risk mitigation associated with a public breach resulting in data disclosure.


Find Attack Surface Exposures Before Adversaries Do

As the marketplace continues to explode with security offerings, it is important to put laser focus on the security needs of the external perimeter and improving on the time to beat attackers to the exposures that present business risk. This encompasses a complete strategy that not only discovers assets and exposures, but also validates exploitability under real-world conditions and prioritizes those that are most dangerous to business operations.

— The Bishop Fox Team

Are you ready? Start defending forward.

Are you ready to uncover your digital footprint and get a real-time, attacker’s view of your perimeter? Request a demo to see the Cosmos platform in action.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.