Following the footsteps of Rapid7’s long-running Fortune 500. Measuring key exposure metrics, we determine in this report the level of exposure represented by this group of organizations in order to help target cyber-risk reduction efforts, improve information-sharing within industry sectors, and build awareness of practices organizations can undertake to avoid future exposure.
The report reveals that cybersecurity basics are being missed or insufficiently deployed even among very large, mature, and well-resourced organizations. Keeping up with the never-ending task of maintaining a comprehensive security program is a challenge for organizations of all sizes—particularly when there is always more to be done amid constrained time and resources. If this challenge cannot comprehensively be met by these very large, high-revenue companies, it is not difficult to imagine how much worse it is for smaller organizations with far fewer resources to apply to security.
To learn more about the overall exposure of Fortune 500 companies, read the Industry Cyber-Exposure Report: Fortune 500.
Join the Webcast
Register for our on-demand webinar to hear our researchers explain what this exposure means.
Register NowExecutive Summary
The methodology outlined in this report describes several ways, based on openly available internet connections, to measure the exposure of specific organizations and industry sectors to certain cybersecurity risks. The report covers the following topics:
- The average attack surface, broken down by industry, presented on the internet by the top companies in America
- Corporate adoption of Domain-based Message Authentication Reporting & Conformance (DMARC), a set of inexpensive—but critical—anti-phishing controls
- Malicious activity emanating from these companies, as measured by connections to Rapid7’s Project Heisenberg
- Internet exposure of inappropriate and insecure services such as Windows SMB and Telnet as surveyed from Rapid7’s Project Sonar
To learn more about the key findings and analysis, read the Industry Cyber-Exposure Report in its entirety, and register for our webcast to hear directly from the researchers.