iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The largest companies in Australia have standard of security that is comparable to its global counterparts, according to a new report that has declared ASX 200 company security standards as “respectable”.
Analysing the security posture of the ASX 200, cyber security company Rapid7 published the ASX 200 Attack Surface Report. The result is that the security standards of ASX 200 companies are “on par with global counterparts in the FTSE 350 and the Fortune 500”, says the report’s author and Rapid7 principal researcher Erick Galinkin.
“Whilst there’s still definite room for improvement, the overall security posture of ASX 200 companies have measurably improved since our Industry Cyber-Exposure Report on the ASX 200 in 2021.”
The new report, which is based on data from October 2022, follows up on Rapid7’s 2021 report, showing that significant improvement has been made over the last year.
Four factors were surveyed to outline the sophistication of ASX 200 companies when it came to cyber security:
Ports are an area of concern, where open ports can provide bad actors an access point to sensitive data through malware, security vulnerabilities and social engineering. Rapid7 records in two ways — exposed ports which just counts the total number of exposed ports, and high-risk exposed ports.
“We define high risk as the ports commonly associated with FTP, SSH, Telnet, SMB, and RDP. The RDP and SSH are high risk, with automated attacks targeting these ports a common tactic by bad actors,” adds Galinkin.
“Although financial services, healthcare, and information technology have a substantial number of ports exposed overall, their relative exposure of risky ports is actually very low. By contrast, industrials leap out with an average of 33 exposed high-risk ports per company.”
A lack of patching server vulnerabilities is also a major concern, leaving businesses exposed to hackers to take advantage of older, impacted servers.
“We examined the deployment of supported versions and found that ASX 200 companies favor Apache and Nginx for web servers over IIS, and do so in approximately equal numbers. But in a more worrisome metric, Nginx beats Apache in the number of unsupported versions deployed on the internet,” adds Galinkin.
Email safety has seen considerable growth, with a large number of businesses having implemented an error-free DMARC policy. DNSSEC adoption is still slow, with only nine of the ASX 200 having implemented it, however in 2020, that number was zero.
Be the first to hear the latest developments in the cyber industry.
