20 Tech Vulnerabilities Business And Industry Need To Address Now

Many of us have become so reliant on our tech tools that we don’t notice how essential they are—until they fail. Similarly, many overlook the importance of cybersecurity until they’re part of a data breach. While every business wants to avoid having its internal tech systems (or worse, the tech products or services they provide) go down or be compromised, many don’t engage in the foundational work that could help address current and emerging vulnerabilities.

While understanding exactly where a vulnerability or breakdown led to a failure may not matter much to the affected end users, it’s essential information industries and companies need to be aware of if they’re to make needed changes. Below, 20 members of Forbes Technology Council discuss tech-related vulnerabilities the tech industry and individual businesses need to work to address now to avoid serious problems in the future.

1. Sensitive Data In Open Buckets

One in five public-facing cloud storage buckets contains sensitive data. Legacy security infrastructure is no longer sufficient to defend sensitive data. Often, exposure incidents are blamed on “misconfiguration,” but more often than not, it is more about misplaced data that should never have been stored in an open bucket. Organizations must have complete observability of their data. – Amit Shaked, Laminar

2. Lack Of Multifactor Authentication

Business email compromise, such as can happen through phishing or spear phishing attacks, results in credential theft, which is a leading cause of breaches. Multifactor authentication limits the impact, but while most organizations claim to use MFA, many have yet to deploy it to every employee and authentication use case. Make MFA a requirement for all to significantly reduce the risk of falling victim to business email compromise and other cyberattacks. – Corey Nachreiner, WatchGuard Technologies Inc.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?


3. Not Requiring SBOMs

Software compromise will be reduced when software bills of materials are universally required. Think of SBOMs as nutrition labels for your software. Most consumers don’t realize that software is modular and contains chunks of code from many different suppliers. Listing the software “ingredients” will impose accountability and allow customers to make the most secure choices. – Gentry Lane, ANOVA Intelligence

4. Insecure IoT Devices

The security of Internet of Things devices is one tech weakness that the sector has to address. IoT devices are becoming more common in both homes and companies, but many of them lack strong security safeguards, leaving them open to cyberattacks. The tech industry should strengthen IoT device regulation, provide security awareness and education, and raise device security requirements to address this issue. – Neelima Mangal, Spectrum North

5. Total Investment In Cloud Infrastructure

From enterprise resource planning systems to office productivity tools and from data backups to high-availability service, any substantial cloud infrastructure failure can cripple—even shutter—businesses. Whether from hacking, power grid failures, viruses or, heaven forbid, an act of war, the “cloud” itself is always at risk. To address this vulnerability, companies should divest from the cloud and reinvest in on-premises and on-device solutions. – Robert Martin, Oil City Iron Works, Inc.

6. Not Addressing Ethics In AI Use

One tech vulnerability that demands urgent attention is the ethical use of AI. The industry needs to prioritize the development and implementation of robust AI ethics frameworks, ensuring transparency, fairness and accountability in AI systems. This can be achieved through interdisciplinary collaboration, stakeholder engagement and continuous monitoring of AI algorithms. – Stephen O’Doherty, Gibraltar Solutions

7. Sole Reliance On Email For Account Recovery

The continued and sole use of ineffective email-based approaches to account recovery means that once a user’s email account is compromised, it is nearly impossible for them to regain control of accounts linked to their email. Organizations need to revamp their account recovery processes to offer offline methods of verifying identities and encourage more use of MFA. – Claude Mandy, Symmetry Systems Inc.

8. Unsecured Supply Chains

Supply chain attacks are a critical vulnerability that requires greater attention. They can compromise trusted software or hardware, infecting users downstream. Strengthening defenses involves securing the development process, implementing rigorous testing and monitoring for unusual activity. Regular audits and improved transparency among suppliers can also help mitigate risks. – Nolan Garrett, TorchLight

9. Unprotected APIs

The tech industry needs to address the vulnerability of unprotected application programming interfaces. APIs are increasingly targeted by hackers, leading to significant data breaches. To mitigate this risk, organizations should inventory all APIs, monitor traffic and implement measures to block high-risk activities. This approach will help protect sensitive data and maintain business operations. – Andres Zunino, ZirconTech

10. Overreliance On Vendors’ Security Systems

Overreliance on third-party vendors’ security systems is a critical mistake. Neglecting to secure sensitive data that goes into third-party systems can lead to massive risks, even for companies with robust internal security. To safeguard assets beyond the corporate perimeter, leaders must integrate a zero-trust mindset, monitoring and setting controls for all activity within their network. – Almog Apirion, Cyolo

11. Poorly Designed Or Untested Software

Often, vulnerabilities are hidden in the very design of software. When developing a new product, companies need to carefully test its logic and design so there is no possibility, for example, for outsiders to access certain pages simply via a link, without the need to log in. – Yuriy Berdnikov, Perpetio

12. Siloed Cyber Supply Chains

As tech continues to rapidly innovate, it relies on a global network of capabilities and talents from open-source code, employees and vendors. An established, siloed cyber supply chain creates a “world of shared fate” in which your top vulnerabilities—cyber, insider, third party and geopolitical—are not just your own, but also those of your established CSC network. – Christine Halvorsen, Protiviti

13. Not Sharing Knowledge And Information

The tech industry should foster a culture of collaboration and information sharing regarding emerging threats and vulnerabilities, taking a proactive approach that empowers organizations to stay ahead of emerging threats. Doing so facilitates knowledge exchange, promotes innovation and enhances the collective ability to effectively address cybersecurity challenges. – Cristian Randieri, Intellisystem Technologies

14. Constantly Playing Defense Against Cyber Attackers

The tech industry must acknowledge and address the information imbalance between defenders and attackers. Attackers know what has been successful for them, which enables them to replicate the same tactics on a large scale. While addressing a specific vulnerability is important, it’s crucial to recognize that attackers will move on to exploit the next one, leaving defenders at a perpetual disadvantage. – Ilia Sotnikov, Netwrix

15. ‘Rogue’ Assets

Attackers often access a target organization through “rogue” assets such as laptops or cloud applications. Not accounting for these assets is like leaving the door unlocked and forgetting it is there—they are often unmanaged and lack up-to-date security controls. It sounds foundational—and that’s because it is—but organizations must identify their assets. Following that, they can patch, install controls and so on. – Brian Contos, Sevco Security

16. Quantum Computing

Quantum computing threatens existing encryption standards, potentially leaving data vulnerable. The tech industry should prioritize post-quantum cryptography development to resist quantum-based attacks, ensuring secure data transfers even in the quantum era. This innovation is vital for future digital security. – Kenneth Holley, Silent Quadrant

17. Increasingly Daring Identity Theft

It’s essential to develop a more sophisticated way of identifying who someone is speaking to. There are cases of malicious actors creating fake identities and fake IDs that can be used to bypass system security. They do this by contacting a call center—or, in extreme cases, by going to a physical location, such as the window of a bank teller—and using the fake ID to bypass online security questions. – Adam Sandman, Inflectra Corporation

18. Older Devices That Don’t Receive Security Updates

The lack of security updates for older devices is a big problem. Apple does a good job here, continuing to release security updates for devices as old as the iPhone 5s, but most brands need to do better. Lots of people still use old devices—especially people who are older—so addressing vulnerabilities in these devices is important. In general, brands should provide more support for older devices and raise awareness among the people who use the devices. – Jordan Yallen, MetaTope

19. Lack Of Data Portability

The lack of data portability is a risk few businesses have in mind. Today, the outage of a single cloud vendor—whether because of changing business priorities, regulatory action or a cyberattack—can take down thousands of companies. With no way for companies to back up their data or migrate it to a different service, there is a high risk of cascading effects for the whole economy. – Kevin Korte, Univention

20. Human Error

One tech vulnerability that the industry needs to do more to address is the human factor in cybersecurity. Despite advancements in technology, human errors remain a significant weak point. To address this, the industry should invest in training programs to educate users about best practices, raise awareness about social engineering tactics, and instill a security-conscious culture in organizations. – Jagadish Gokavarapu, Wissen Infotech