The UK is the fourth most exposed country to cyber vulnerabilities in the world, behind the US, China and South Korea, a report by Rapid7 has found.
Rapid7’s National Industry Cloud Exposure Report (NICER) for 2020 also finds that despite significant efforts on the part of the UK National Cybersecurity Centre (NCSC) to encourage exposure reduction across all organisations, the UK’s share of SMB servers has increased by 22% from the same period in 2019.
However, the increase in SMB was offset by a 21% reduction in exposed Telnet services and 11% reduction in exposed FTP services.
And while the UK has fewer total vulnerabilities per-exposed service/system than other countries, due to continued efforts by the NCSC, these vulnerabilities account for under 38.4% of all exposed surfaces, showing more work needs to be done on the vulnerability management side by organisations and hosting providers.
In a time of global pandemic and recession, the report offers a data-backed analysis of the changing Internet risk landscape, measuring the prevalence and geographic distribution of commonly known exposures in the interconnected technologies that shape our world.
The research team calculated a country’s risk by measuring the total attack surface, (which reviews how much of a business is exposed to attacks); the total exposure of selected surfaces such as SMB and Telnet (which should never be exposed); the number of CVEs present, as more known vulnerabilities means more exposure; the distribution of vulnerability rates and the maximum vulnerability rate.