22% of Fortune 500 Companies Have Exposed VPNs

Michael is the Head of Cyber Risk at Expanse. He leads a large team of analysts who identify vulnerabilities in large Fortune 500 companies and government agencies’ vast online presence. He also has 14 years of FBI experience as a Special Agent, leading extensive investigations of cyber threat actor sets.

The COVID-19 pandemic has created an array of new challenges for enterprise security. Organizations need to be agile and continue to deliver on company or agency objectives. And do this while supporting a largely remote workforce without sacrificing security. 

This security imperative makes recent findings by researchers at Expanse particularly concerning. On a single day in September 2020, our research team found that 22% of Fortune 500 companies had Virtual Private Network devices exposed on the public Internet. We also found that 34% of the Fortune 500 had either a VPN or remote access, web, or data storage server exposed online. 

This in and of itself, isn’t necessarily an issue (I mean, how else are you going to access your network?), but it does highlight known attack vectors targeted by bad actors. There have been reports coming from the US government highlighting how nation-state threat actors exploit the VPN vector.

These are exactly the types of devices that are critical to protect as employees access systems and sensitive data remotely, and that we know attackers will be targeting because of increased usage.

To put these findings in context, I’d like to explore four key trends that are impacting the cybersecurity industry and causing additional challenges for security leaders and practitioners today:

Trend #1: Lack of Organizational Control

Most organizations we work with are dealing with some form of cyber hygiene issue. Imperfect cyber hygiene can be caused by incomplete organizational control and visibility, and leads to increased security risks through unknown and unmanaged network assets. This can take the form of an RDP instance that’s exposed on the Internet, an incorrectly configured VPN a remote employee is using, or a database server that a developer spun up and forgot to spin down at the end of a test project. It is immensely difficult for large organizations to keep track of all of these assets, especially when you factor in the growth in the WFH workforce. And keep in mind, hackers actively scan for incorrectly configured VPNs exposed online. According to the DHS, “there’s been a rise in attackers scanning for vulnerabilities in remote-working tools and software.”

In the future, we’ll publish more on issues related to VPNs using weak encryption. Stay tuned!

Trend #2: The Growth in WFH 

As the COVID-19 crisis continues, organizations have pivoted to account for the fact that their employees could continue to work remotely well into next year. Some are even going remote indefinitely. As organizations adapt to this new environment, some are even seeing gains in productivity:  

“Despite security issues and concerns resulting from the massive and sudden increase in [WFH] initiatives due to the global COVID-19 healthcare crisis, one-third (38 percent) of U.S. companies observed productivity gains during remote work and 84 percent anticipate broader and more permanent WFH adoption beyond the pandemic.”

Those gains in productivity help explain why some companies will continue to move toward a more permanent WFH policy. But simultaneously, organizations are being pressured to reduce spending. If security spend is on the chopping block even as security challenges are increasing, this puts CISOs in a challenging position.

Trend #3: The Reduction of Cybersecurity Spending

That leads me to my next point. More than 70% of CISOs and security buyers believe budgets will shrink by the end of 2020 and continue shrinking into fiscal year 2021, according to McKinsey, programmatic and headcount reductions will be felt by the teams on the ground and may negatively impact the risk posture of the organization. 

Trend #4: Surge in the Number of Cyberattacks

Cyberattacks have increased 400% during the pandemic. Part of the reason for this is skyrocketing unemployment rates that have led to an increase in new hacker entrants as some seek a source of income while staying at home. That opportunistic mindset shouldn’t be overlooked, especially considering the continued slow down of the global economy.

This further cements the need for complete, continuous, and accurate visibility into your external-facing attack surface. 


There are several factors we raised that are outside of your sphere of influence, but organizational control isn’t one of them. One way to help combat these pressing concerns is to gain full visibility in your ever-changing asset inventory. Expanse can help you identify and mitigate risky assets on your attack surface like exposed VPNs, remote access services, and more. 

With complete visibility of your Internet assets, your team will be enabled to lock down your attack surface before bad actors get to it. This is where we can help. Request a demo to learn why the world’s largest organizations and government agencies trust us to protect their Internet attack surfaces, and how we can help protect yours too.