A much-anticipated report from Rapid7, a cybersecurity company based in Boston USA, revealed “frankly shocking” news concerning the current global state of security on the Internet in the wake of the Covid-19 pandemic.
According to the massive cross-industry study, completed in the summer of 2020, the findings revealed that despite enormous security problems from the worldwide outbreak of COVID-19, the system was actually holding up relatively well and security measures were improving globally. That was where the good news ended. The flipside was that despite pockets of improvement, there were still huge holes in security worldwide.
The report found that many websites continued to use less secure HTTP protocol rather than newer encrypted options, and that organizations continue to use outmoded, vulnerable software versions that in some instances had not been updated since 2006. One deeply worrying statistic showed more than 3 million online databases continued to allow unencrypted queries and nearly 3 million network routers allowed unencrypted unsecured telnet connections.
Rapid7 said there was a drop in the use of older and less secure SMB (server message block) and Telnet. So they were surprised to find, at least structurally, on a protocol and service basis, the Internet seemed to be going in the right direction. The report’s authors found the lack of chaos in the wake of the pandemic genuinely concerning. “This is a frankly shocking finding,” the report states. “The global disasters of disease and recession, along with the uncertainty they bring, appear to have had no obvious effect on the fundamental nature of the Internet.” The only logical conclusion is that the full impact of coronavirus has yet to be fully revealed.
The report ranked both industries and countries according to the overall security of their Internet connections. Topping the list of most exposed countries were the United States, China, South Korea, the United Kingdom and Germany. Rapid7 considered several factors in the rankings, such as the total attack surface and number of IPv4s exposing vulnerabilities. The rankings also considered SMB, SQL Server and Telnet exposures and common vulnerabilities and exposures listings. Given the dominant presence of the China and the United States on the web, their top slots on the list were not unexpected.
Rapid7 last year conducted surveys on Internet security among leading businesses in major countries around the globe. The analysis showed at the bottom of the list, those organizations exhibiting the fewest vulnerabilities were real estate, professional services, hotels and restaurants. At the top of the list of most vulnerable businesses globally were financial services, telecommunications, and retail. The report also produced an A to E ranking for industry security, assigning a letter grade based on the number of web vulnerabilities in each industry category. Two groups received a top grade of A: Aerospace, defense and transportation, and motor vehicles. At the bottom of the list with grades of D or E were telecommunications, financial services, and health care. The report said that despite improvements globally, none of the industries comes close to being perfect. “Companies have a lot of work to do when it comes to cyber-hygiene,” the report stated.
The report’s authors re-emphasized that increasing awareness of potential problems will eventually help make the Internet more secure, “Policymakers, business leaders and innovators have an opportunity to shape the security of the Internet of the future, but only if they are aware of the state of today’s Internet.”But, for the true shape of cybersecurity following the pandemic – we will just have to wait and see.
