Five Security Lessons from the Least Exposed Companies in Financial Services

  • Boaz Shunami, CEO at Komodo Consulting

  • 30.05.2017 01:45 pm
  • undisclosed , Boaz Shunami is co-founder and CEO of Komodo Consulting. With two decades of experience in information technology and engineering, specializing in cyber, information and application security. Boaz has consulted for many global corporations and is able to address high-level strategy, as well as low-level technical analysis.
  • 635

Peta AI named Sumitomo Mitsui Trust of Tokyo, Cathay Financial of Taiwan, and Charles Schwab of San Francisco as the top three least exposed to cyber threat companies in financial services.

As a whole, this ranking is one of the more difficult to secure. Firstly, by their nature, large, global corporations are operating across many geographies and frequently acquiring and selling companies. This limits the ability to generate a proper security situation overview, especially for the company’s IT personnel themselves. 

Charles Schwab has these four compromised hosts, nine vulnerable apps, and six sensitive ports in its security profile. Cathay Financial ranks higher, with no leaked accounts or compromised hosts and four sensitive ports in its security profile. Sumitomo Mitsui Trust is less exposed in these areas: it has no compromised hosts or vulnerable apps, only two open ports, and only two sensitive ports.

The sheer size of infrastructure comprising the cyberattack surface of these companies makes simple IT processes such as patching, upgrading, fixing and replacing vulnerable systems far more complex. Simply the way business is conducted means most organizations are connected with myriad third parties, inheriting security issues from those connections. Finally, even huge corporations face similar issues as smaller organizations: limited resources and knowledge about cyber and information security, with gaps in the IT teams charged with handling, respond-to and acting proactively to improve their security postures.


Peta AI is a cybersecurity research project showcasing how large, global organizations appear to external attackers. For this project, the team analyzed the Global 2,000, examining each enterprise’s cyberattack surface to determine how prospective attackers could infiltrate it, what information they can find, and where they would find it, such as within social media or the darknet. The result is a list of companies and sectors most vulnerable to cyber attacks and those that are less exposed. The cyber exposure reports detail exposure by geographical location and level from various sources such as compromised hosts, leaked accounts, exposed open ports, and vulnerable applications.


These least vulnerable companies have used specific strategies to ensure they remain protected. They have developed policies and procedures to ensure they avoid exposing a large attack surface. They have reduced administrative access to their external infrastructure and focused on securing maintaining their perimeter systems.

Cyber and information security needs to focus on intelligence and operational ability, with the actual technology tools a clear third. For companies who would like to achieve a greater level of protection, a specific focus on these five areas can address your major problems without an enormous budget outlay.

  • Perform penetration testing on all external facing systems
  • Conduct red team exercises to identify weak links
  • Boost threat intelligence capabilities
  • Improve incident response and forensics capabilities 
  • Educate employees on cybersecurity - before a breach occurs

Combining threat intelligence capabilities with a top-tier research team, Peta AI pinpoints companies with a considerable amount of data exposed about them, with a 70-to-80 percent accuracy rate.

Other Blogs