SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Email Security
#
ASX
#
Industrial
ASX 200 companies on-par with FTSE 350, Fortune 500 - report
Mon, 5th Dec 2022
FYI, this story is more than a year old
Author image
By Zach Thompson, News Editor
Follow us

A new report by Rapid7 has found that companies listed on the ASX 200 have a good security posture, and the attack surface overall is on-par with global counterparts in the FTSE 350 and Fortune 500.

“Whilst there’s still definite room for improvement, the overall security posture of ASX 200 companies have measurably improved since our Industry Cyber-Exposure Report on the ASX 200 in 2021,” says Erick Galinkin, the report’s author and Principal Researcher at Rapid7.

The report examines factors that provide a clear view of how the ‘average’ ASX 200 company looks from the internet, based on data collected in October this year.

These include:

Internet-facing attack surface

Overall port counts and high-risk port counts provide insight into how accessible corporate networks are to outsiders.

Web server type and version complexity

Web servers are internet-facing by necessity, and the variety of software types and differing versions between servers offers a proxy for how an organisation manages complexity and patching generally.

Microsoft Exchange patching

Given its popularity as an enterprise email server, this serves as a leading indicator of overall vulnerability management.

Email and Domain safety

Using Domain-based Message Authentication, Reporting, and Conformance (DMARC) and Domain Name Service Security Extensions (DNSSEC) helps mitigate email-based attacks like phishing by flagging illegitimate senders and preventing spoofing.

“The ASX 200 industrial sector leads in their exposure of risky services to the internet,” says Galinkin.

“Also, companies who expose Nginx web servers can do better in managing version dispersion risk by keeping installations up to date.

“Also, Microsoft Exchange remains a popular on-premises email server despite high-impact remote vulnerabilities.”

Attack surface analysis

One metric of concern is which ports are exposed to the internet.

Rapid7 takes this further by focusing on two metrics: how many ports are exposed and how many of these ports are high-risk.

“We define high risk as the ports commonly associated with FTP, SSH, Telnet, SMB, and RDP,” Galinkin notes.

“The RDP and SSH are high risk, with automated attacks targeting these ports a common tactic by bad actors, an issue we reported on in our recent ‘Good Passwords for Bad Bots’ report.

“Although financial services, healthcare, and information technology have a substantial number of ports exposed overall, their relative exposure of risky ports is actually very low.

“By contrast, industrials leap out with an average of 33 exposed high-risk ports per company. This exposure is largely due to the substantial number of exposed SSH ports, combined with being the leading exposer of RDP, with an average of five exposed RDP servers per company.”

Web server support and version complexity

Web server vulnerabilities represent a serious risk for enterprises, potentially having a significant organisational impact.

Rapid7 notes that this means it is crucial to apply patches, with unsupported server versions not receiving these patches and an impacted server remaining vulnerable until the underlying software is upgraded.

“We examined the deployment of supported versions and found that ASX 200 companies favour Apache and Nginx for web servers over IIS, and do so in approximately equal numbers,” Galinkin says.

“But in a more worrisome metric, Nginx beats Apache in the number of unsupported versions deployed on the internet.”

Regarding version dispersion, Rapid7’s latest research finds that trends are stable, but in the version dispersion category, IIS is the leader, with only the communications and energy sectors having an average of one version per company.

When broken down by sectors, financial services and industrials stand out, with most companies in these areas deploying more than one type of server software, as well as multiple versions of each, leading to a more complex deployment of patches for potentially affected systems.

Microsoft Exchange

Rapid7 notes that Microsoft Exchange remains a popular on-premises email server, despite containing a range of vulnerabilities.

“The data shows only four of 42 organisations running Microsoft Exchange on premises having applied the most recent, relevant patches,” Galinkin explains.

“However, even in the most critical circumstances large organisations face difficulty patching, with patch deployments often lagging patch releases by 60 days or more.”

Email safety

Rapid7 also acknowledges a meaningful shift from ASX 200 organisations since 2020, with many of these businesses now having at least a valid, error-free DMARC policy.

In contrast, just nine of the 200 enterprises have put in place DNSSEC, which Rapid7 says is disappointing.

However, it adds that not a single company had implemented DNSSEC in 2020, so the low count is at least a move in the right direction.

Related stories
Check Point boosts email security with new AI-powered features
The rising threat of search engine ad abuse
New In the Wild 2024 report reveals key cyber threats
Darktrace shifts to proactive AI strategy to combat rising cyber threats
Wavelink gets sole Claroty distributorship for Australia
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models