ThingsRecon, a pioneer in external attack surface discovery and supply chain intelligence, has released the results of its first industry-wide study into the state of digital hygiene across enterprises.
The research analysed more than 770,000 digital assets, including applications, domains, IPs, scripts, and certificates, across multiple organisations. The findings uncovered over 800,000 high-severity hygiene issues. That’s more issues than assets, meaning that on average every digital asset carried at least one serious weakness.
Other key findings
- Every application checked carried more than one issue on average (110% issue density)
- Nearly two-thirds of domains showed multiple weaknesses (165% issue density)
- 1 in 3 certificates were misconfigured (33%)
Cyber hygiene failures
In one organisation running 2,700 applications, 21 were found exposing unencrypted login forms, leaving credentials vulnerable to interception. In another case, 1,100 dangling DNS records were discovered across 6,000 applications, while nearly 1 in 5 apps carried an exploitable misconfiguration.
“These results show that cyber hygiene failures are systemic, not isolated,” said Stephane Konarkowski, Chief Product Officer and Co-Founder of ThingsRecon, adding: “From unencrypted logins to dangling DNS records, attackers don’t need advanced exploits to gain access; they just take advantage of overlooked basics.”
Other internet-facing services
Importantly, the study only considered high-severity hygiene issues across applications, domains, and certificates. It did not include medium- and low-level hygiene issues, APIs, software and third-party components, public IP infrastructure, traditional software vulnerabilities (CVEs) or other internet-facing services. That means the true scale of unreported weaknesses is far greater than the 800,000 reported above.
Stephane Konarkowski added: “Our findings highlight that enterprises urgently need continuous, external visibility of their digital surfaces. Even the world’s largest organisations are overlooking fundamentals that create real-world risk.”