New Rapid7 Research Highlights Changing Internet Risk Landscape Across Countries, Industries and Cloud Environments

Findings show that although internet security is moving in the right direction, vulnerabilities and exposures still run rampant  

BOSTON, MA — July 20, 2020

Rapid7, Inc. (NASDAQ: RPD), a leading provider of security analytics and automation, today released its National / Industry / Cloud Exposure Report (NICER) 2020, one of the most comprehensive censuses of the modern internet.

In a time of global pandemic and recession, NICER offers data-backed analysis of risk across the internet and measures the prevalence and geographic distribution of commonly known exposures in the interconnected technologies that shape the world. 

Security of the internet is improving, but there is more work to be done 
Rapid7’s research found that the security of the internet overall is improving. The number of insecure services, such as SMB, Telnet, rsync, and the core email protocols, decreased from the levels seen in 2019. However, vulnerabilities and exposures still plague the modern internet, even with the increasing adoption of more secure alternatives to insecure protocols, like Secure Shell (SSH) and DNS-over-TLS (DoT).

“2020 has brought unprecedented changes and challenges to organizations of all sizes and across all industries. With NICER, we had a unique opportunity to explore the state of security worldwide during this time, with the goal of understanding how the pandemic, lockdown, job loss, and shift to remote work has affected the character and composition of the internet,” said Tod Beardsley, Director of Research at Rapid7. “We were surprised to see that recent incidents appear to have had no obvious effect on the fundamental nature of the internet, however it is possible that we have yet to see the full impact.” 

Other key findings include: 
• The United States, China, South Korea, the United Kingdom and Germany rank as the top five most exposed countries. 

• The top publicly traded companies in the United States, the United Kingdom, Australia, Germany, and Japan are still hosting a high number of unpatched services with known vulnerabilities. These findings are consistent with research Rapid7 conducted in 2019. 

• Publicly traded financial services and telecommunications companies in the United States, the United Kingdom, Australia, Germany, and Japan were found to be particularly vulnerable. There are tens of thousands of high-rated CVEs (Common Vulnerabilities and Exposures) across the public-facing assets of these two sectors.

• Telnet continues to be commonly used across cloud providers, despite being unsuitable for the internet due to its lack of security controls – with Microsoft, Alibaba and OVHcloud having the most exposure. 

• Patch and update adoption continues to be slow, especially in remote console access where, for example, 3.6 million SSH servers are running versions between five and 14 years old.

• There has been an average 13 percent year-over-year decrease in exposed, highly vulnerable services such as SMB, Telnet, and rsync.

• Unencrypted, cleartext protocols are still heavily used, with 42 percent more plaintext HTTP servers than HTTPS, 3 million databases awaiting insecure queries, and 2.9 million routers, switches, and servers accepting Telnet connections, which is a 7% decrease when compared to research Rapid7 conducted in 2019.


“The internet landscape is continually changing. Through NICER, we are able to provide more actionable data to help diagnose what is vulnerable, what is improving or getting worse, and what solutions are available for policymakers, business leaders, and innovators to make the internet more secure,” said Bob Rudis, Chief Data Scientist at Rapid7. “Policymakers, business leaders, and innovators have an opportunity to shape the security of the internet of the future, but only if they are aware of the state of today’s internet.” 

Methodology
Rapid7 measured the internet-facing services of the globe during Q2 of 2020 by conducting protocol surveys of the most common technologies deployed today -- from Telnet to SMB to databases to web servers, and everything in between. The research team specifically looked for populations of cleartext protocols and their encrypted counterparts, services wholly inappropriate for internet exposure, and protocols that lend themselves to DDoS amplification attacks.

About Rapid7

Rapid7 (Nasdaq: RPD) is advancing security with visibility, analytics, and automation delivered through our Insight cloud. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,000 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website, check out our blog, or follow us on LinkedIn.

Rapid7 Press Contact 

Caitlin Doherty

Public Relations Manager

press@rapid7.com

(857) 990-4240