Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500

Today, Rapid7 released the first in our all-new Industry Cyber-Exposure Report (ICER) series. If you have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not so fast! We've slimmed down our research and reporting style, and this new series focuses on five areas that we believe CISOs at mega-corporations actually have a shot at accomplishing, /and/ that will have a practical and fairly immediate effect on a given company's internet security posture. Those are:


Implementing DMARC (Domain-based Message Authentication, Reporting & Conformance) to shore up email security, both internally and externally.
Enforcing HTTPS (secure HTTP) and HSTS (HTTP Strict Transport Security) in order to protect their brand reputation and their customers' personal information.
Hitting a happily low count of unique versions for major internet-facing software applications like web servers and email servers.
Shutting off dangerous and inappropriate services that really have no business being exposed on the internet in the first place.
Kicking off a vulnerability disclosure program (VDP) that helps you learn about the security issues in your products and infrastructure before you run into real problems with malicious attackers.

The paper itself focuses on how well a specific cohort of companies are doing in these areas—this time, it's the Fortune 500, which are widely considered to be the most successful of large companies headquartered in the United States. We cut the data by industry, so we can stack up how financials are doing compared to the technology sector, where manufacturing and healthcare look pretty much the same, and plenty of othe ..
