UpGuard, the third-party risk and attack surface management platform, today published a study identifying an overlooked threat to Fortune 500 companies: public documents and PDFs. This study, conducted by the UpGuard Cyber Research Team, shows that prominent companies are exposing information important to malicious actors during the reconnaissance phase of an attack.
UpGuard conducted an analysis of Fortune 500 companies and reviewed the metadata associated with public documents on their websites. These files included PDF, Word, Excel, and PowerPoint documents. The findings of this report reveal that over half of the companies surveyed were not following important cybersecurity best practices, leaving them vulnerable to potential cyber attacks.
Additional key findings from the study include:
- The attack surface for each organization is vast, with Fortune 500 companies having on average over 9700 public PDFs online on their public websites.
- Over 51% of the companies analyzed are exposing unnecessary and often sensitive metadata in their public PDFs and documents.
- According to UpGuard’s analysis, this practice is only getting worse over time. There are more documents being uploaded over time and document sanitization has declined. Bad actors can have more information than ever before to launch a cyber attack.
To access the full report, visit our resource center here. You can also listen to firsthand analysis from Greg Pollock, VP of CyberResearch, as he discusses the report findings and how businesses can better adapt to this threat in this video.
UpGuard helps businesses manage cybersecurity risk. UpGuard’s integrated risk platform combines third-party risk management, security questionnaires, and threat intelligence capabilities to give businesses a full and comprehensive view of their attack surface.