Saturday, 19th September 2020

FTSE 250 companies hosting a high number of unpatched services with known vulnerabilities

Cyber firm Rapid7 conducts one of the most comprehensive surveys of the internet and found that FTSE 250 companies are hosting a high number of unpatched services with known vulnerabilities.

FTSE 250 companies are hosting a high number of unpatched services with known vulnerabilities, a report by Rapid7 finds.

The report entitled National Industry Cloud Exposure Report (NICER) uncovers a particularly high level of known vulnerabilities in the financial services and telecommunications industry, with each industry having 10,000 high-rated common vulnerabilities and exposures (CVEs) across their public-facing assets.

The report predicts that despite the vast collective reservoirs of wealth and expertise within these companies, this level of vulnerability exposure is unlikely to get better in a time of global recession.

In addition to the FTSE 250, Rapid7’s report looked at the Fortune 500, Deutsche Börse Prime Standard 320, ASX 200 and Nikkei 225, and revealed that 611 companies within these are hosting a high number of unpatched services with known vulnerabilities. This includes 11,630 vulnerabilities within 107 large technology companies alone.

Moreover, patch and update adoption continues to be slow, especially in remote console access where, for example, 3.6 million secure shell (SSH) servers are sporting versions between five and 14 years old. To make matters worse, unencrypted, cleartext protocols are still heavily used with 42% more plaintext HTTP servers than HTTPS, 3 million databases awaiting insecure queries, and 2.9 million routers, switches, and servers accepting Telnet connections.

In a time of global pandemic and recession, this Rapid7 report offers a data-backed analysis of the changing internet risk landscape, measuring the prevalence and geographic distribution of commonly known exposures in the interconnected technologies that shape our world.

Tod Beardsley, research director at Rapid7 said: “FTSE 250 companies may be the leading organisations in the UK size-wise, but they’re also some of the biggest targets to cyber attackers. One of the findings that surprised me is the prevalence of un-securable SMB servers that exist within these organisations, showing that UK organisations have not yet learned the lessons of WannaCry, which cost the NHS more than £92 million a couple of years ago.

“My advice to IT teams within FTSE 250 organisations is to bake in regular patching windows and decommissioning schedules to their internet-facing infrastructure.
Cybersecurity remains a top priority for SMBs worldwide, as revealed in a survey conducted by Vanson...
F-Secure’s attack landscape update highlights attackers’ strategies to capitalize on the COVID-19 pa...
Latest research from Neustar reveals rise in intensity, sophistication and volume of DDoS attacks am...
Only 12% of chief information security officers (CISOs) excel in all four categories of the Gartner...
Research by Egress reveals organisations suffer outbound email data breaches approximately every 12...
Attivo Networks has published the results of a new research report conducted with Kevin Fiscus of De...
The recent Kaspersky report ‘State of Industrial Cybersecurity in the Era of Digitalisation’ has rev...
Joint solution integrates detection, automated investigations and incident response capabilities to...