Rapid7 Has Good News for UK Security Posture

Written by

The UK’s largest public companies have reduced exposure to high-risk ports and enhanced email security over the past two years, although some firms are still inviting excessive cyber risk, according to Rapid7.

The security vendor appraised the FTSE 350 in three areas for its new report, to provide a snapshot of the UK’s attack surface as of March 2023.

The resulting findings, outlined in The FTSE 350 Cyber Attack Surface report, show significant improvements from Rapid7’s 2021 Industry Cyber-Exposure Report – putting UK firms on a par with their global peers trading on the ASX 200 and the Fortune 500.

For one, a relatively small number of UK companies are exposing their organization via high-risk ports such as FTP, SSH, Telnet, RDP and SMB.

Nearly two-thirds (37%) expose at most one high-risk port and over a fifth (21%) expose none at all. However, the financial services sector is something of an outlier, with an average of nearly 12 exposed high-risk ports per company.

“RDP and SSH are frequently exposed to the internet for remote management, but the level of exposure for an average company here should encourage financial services organizations to evaluate their external attack surface,” the report noted.

“Compared to 2021, however, the attack surface of the FTSE 350 is greatly improved. The trends especially in materials, utilities, and health care are encouraging, where each of those industries is exposing only SSH and RDP in very small numbers.”

Read more on UK security risks: MI6 Boss: Digital Attack Surface Growing "Exponentially"

Rapid7 also saw improvements with deployment of DMARC to mitigate spoofing email attacks. The number of FTSE 350 firms with a valid policy has risen from 191 in 2021 to 247 today, with the majority favoring a quarantine or reject policy.

However, it warned that implementation of DNS Security extensions (DNSSEC) is still poor, although in line with global peers. Just 4% of FTSE 350 firms are helping to reduce their exposure to DNS attacks in this way.

Finally, the report found that the vast majority of IIS (80%) and Apache (89%) web servers were running supported versions, although the figure fell to 30% for the less popular Nginx servers.

While the results paint a positive picture of UK PLC’s attack surface, continued caution is required, Rapid7 said.

“Remember that security is a moving target – while many of these companies have their risk under control today, a new threat or even the initiation of a new information technology strategy tomorrow can completely change the landscape of a company,” the report concluded.

“These things must be tracked on an ongoing basis.”

What’s hot on Infosecurity Magazine?