FTSE 250 companies hosting a high number of unpatched services with known vulnerabilities

Cyber firm Rapid7 conducts one of the most comprehensive surveys of the internet and found that FTSE 250 companies are hosting a high number of unpatched services with known vulnerabilities.

  • 4 years ago Posted in
FTSE 250 companies are hosting a high number of unpatched services with known vulnerabilities, a report by Rapid7 finds.

 

The report entitled National Industry Cloud Exposure Report (NICER) uncovers a particularly high level of known vulnerabilities in the financial services and telecommunications industry, with each industry having 10,000 high-rated common vulnerabilities and exposures (CVEs) across their public-facing assets.

 

The report predicts that despite the vast collective reservoirs of wealth and expertise within these companies, this level of vulnerability exposure is unlikely to get better in a time of global recession.

 

In addition to the FTSE 250, Rapid7’s report looked at the Fortune 500, Deutsche Börse Prime Standard 320, ASX 200 and Nikkei 225, and revealed that 611 companies within these are hosting a high number of unpatched services with known vulnerabilities. This includes 11,630 vulnerabilities within 107 large technology companies alone.

 

Moreover, patch and update adoption continues to be slow, especially in remote console access where, for example, 3.6 million secure shell (SSH) servers are sporting versions between five and 14 years old. To make matters worse, unencrypted, cleartext protocols are still heavily used with 42% more plaintext HTTP servers than HTTPS, 3 million databases awaiting insecure queries, and 2.9 million routers, switches, and servers accepting Telnet connections.

 

In a time of global pandemic and recession, this Rapid7 report offers a data-backed analysis of the changing internet risk landscape, measuring the prevalence and geographic distribution of commonly known exposures in the interconnected technologies that shape our world.

 

Tod Beardsley, research director at Rapid7 said: “FTSE 250 companies may be the leading organisations in the UK size-wise, but they’re also some of the biggest targets to cyber attackers. One of the findings that surprised me is the prevalence of un-securable SMB servers that exist within these organisations, showing that UK organisations have not yet learned the lessons of WannaCry, which cost the NHS more than £92 million a couple of years ago.

 

“My advice to IT teams within FTSE 250 organisations is to bake in regular patching windows and decommissioning schedules to their internet-facing infrastructure.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...