The Risky Business: Rapid7 Report Highlights Need for Improved Vulnerability Management Practices

Back in July, Rapid7 released its first-ever National / Industry / Cloud Exposure Report, otherwise known as “NICER.” This report had a big job: to assess not only the prevalence of known threats, but also to provide a geographic census of those threats. It tells the all-too-true story of increasing vulnerabilities and a fast-growing global attack surface, particularly in a time of a global recession and pandemic.


Insights by the numbers


Based on a technical assessment of 24 surveyed service protocols, Rapid7’s NICER shows where internet exposure is improving, where it is regressing, and where it is standing still. Its key findings:


Unencrypted, cleartext protocols are still heavily used. There are 42% more plaintext HTTP servers than HTTPS servers, 3 million databases directly reachable from the internet and awaiting insecure queries, and 2.9 million routers, switches, and servers accepting Telnet connections.
Patch and update adoption continues to be slow. NICER counts 3.6 million SSH servers running versions between five and 14 years old.
There is good news. NICER reported a 13% year-over-year decrease in exposure of the most dangerous services, such as SMB, Telnet, and rsync.
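The three findings above translate directly into checks an organization can run against its own external scan output. The following Python script is an added example, not code from Rapid7 or the NICER report: it applies the report's three measures to a scan inventory (cleartext servers versus HTTPS, exposed databases and the Telnet/SMB/rsync trio, and OpenSSH banner age). The inventory is constructed, the port-to-service mapping is an assumption (real triage should key on the banner, not the port), and the OpenSSH release-year table is written from memory and should be verified against the project's release notes before it is relied on.

```python
"""Triage an external scan inventory for the exposures NICER counts.

Added example. The scan data below is constructed; port->service and
OpenSSH release years are assumptions documented inline.
"""
import re
from bisect import bisect_right
from collections import Counter
from datetime import date

# Constructed sample inventory: (host, port, banner) as a scanner might report it.
SAMPLE_SCAN = [
    ("198.51.100.10", 80, "HTTP/1.1 200 OK Server: nginx"),
    ("198.51.100.10", 443, "TLSv1.2 handshake ok"),
    ("198.51.100.11", 23, "Welcome to router login:"),
    ("198.51.100.12", 22, "SSH-2.0-OpenSSH_5.3"),
    ("198.51.100.13", 22, "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1"),
    ("198.51.100.14", 3306, "5.7.33-0ubuntu0.16.04.1"),
    ("198.51.100.15", 873, "@RSYNCD: 31.0"),
    ("198.51.100.16", 445, "SMB"),
    ("198.51.100.17", 80, "HTTP/1.0 302 Found"),
]

# Assumption: the port identifies the service. Value is (name, is_cleartext).
SERVICE_BY_PORT = {
    21: ("ftp", True), 22: ("ssh", False), 23: ("telnet", True),
    80: ("http", True), 443: ("https", False), 445: ("smb", True),
    873: ("rsync", True), 3306: ("mysql", True), 5432: ("postgres", True),
}
DANGEROUS_SERVICES = {"telnet", "smb", "rsync"}   # the trio the report tracks
DATABASE_SERVICES = {"mysql", "postgres"}

# OpenSSH (major, minor) -> release year, ascending. Assumed from memory;
# verify against the OpenSSH release notes before relying on these years.
OPENSSH_RELEASES = [((5, 3), 2009), ((6, 6), 2014), ((7, 4), 2016), ((8, 2), 2020)]
_VERSIONS = [v for v, _ in OPENSSH_RELEASES]

SSH_BANNER = re.compile(r"^SSH-2\.0-OpenSSH_(\d+)\.(\d+)")


def openssh_version(banner):
    """Return (major, minor) from an OpenSSH banner, or None if not OpenSSH."""
    m = SSH_BANNER.match(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def openssh_age_years(banner, today):
    """Approximate age of the build: years since the newest known release <= version.
    Versions older than the table are treated as at least as old as its first entry."""
    v = openssh_version(banner)
    if v is None:
        return None
    i = max(bisect_right(_VERSIONS, v) - 1, 0)
    return today.year - OPENSSH_RELEASES[i][1]


def triage(scan, today, max_ssh_age=5):
    """Count services per NICER's categories and list findings worth a ticket."""
    counts = Counter()
    findings = []
    for host, port, banner in scan:
        name, cleartext = SERVICE_BY_PORT.get(port, ("unknown", None))
        counts[name] += 1
        if name == "unknown":
            continue
        if cleartext:
            counts["cleartext"] += 1
        if name in DANGEROUS_SERVICES:
            findings.append((host, port, f"dangerous cleartext service {name} exposed"))
        elif name in DATABASE_SERVICES:
            findings.append((host, port, f"database {name} reachable from the internet"))
        elif name == "ssh":
            age = openssh_age_years(banner, today)
            if age is not None and age >= max_ssh_age:
                findings.append((host, port, f"OpenSSH build roughly {age} years old"))
    return counts, findings


def plaintext_excess_percent(counts):
    """How many percent more plaintext HTTP servers than HTTPS (the report's 42% metric)."""
    if counts["https"] == 0:
        return None
    return (counts["http"] - counts["https"]) / counts["https"] * 100


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_SCAN, date(2020, 7, 1))
    print(dict(counts), plaintext_excess_percent(counts))
    for f in findings:
        print(*f)
```

Keying on port numbers is enough for a first pass over a few thousand hosts, but on real scan data the banner should decide the service and the SSH age threshold should be tied to your own patch policy rather than the five-year floor the report uses for its count.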

The power of individual organizations


NICER found that top publicly traded companies in some of the wealthiest nations in the world—the United States, United Kingdom, Australia, Germany, and Japan—host a surprisingly high number of known vulnerabilities. Despite their standing in the world, this increased level of exposure is not likely to go away. The good news? Power is in the hands of individual organizations to make the right choices in handling vulnerabilities.


Because security isn’t maintained through technology alone, it’s important to stay current on accurate information and to share it far and wide. Staying up-to-date means security threat responders can implement and support modern protocols, not simply for inter ..
