TRENDING:

COVID-19 , Endpoint Security , Governance & Risk Management

Exposure Alert: Unsecured Internet Protocol Use Persists

While Rapid7's Tod Beardsley Sees a Decline, 'It's Still Not Good Enough' Mathew J. Schwartz (euroinfosec) • July 20, 2020    
Tod Beardsley, director of research, Rapid7

How has the COVID-19 pandemic - and the subsequent lockdown and job losses - affected the character and composition of the internet?

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

Tod Beardsley, director of research at Rapid7, says that was one of the top questions posed when his firm took its latest look at the prevalence of outdated and unsecured internet protocols and internet-connected devices, as described in its National Industry Cloud Exposure Report for 2020.

The good news: "Generally speaking, the internet, as far as exposure goes, has gotten better," he says. In particular, researchers saw an overall decrease in the use of telnet and SMB, an increase in the use of SSH instead of telnet, as well as an increase in using DNS instead of TLS. In addition, the long-expected "tsunami of awfulness" that researchers have been anticipating with internet of things devices has yet to emerge, he says.

The less-good news, however, is that "things on the internet have gotten marginally better, but it's still not good enough," he says.

In this video interview with Information Security Media Group, Beardsley also discusses:

  • The effect that the pandemic has had on the use of unsecured protocols and services;
  • The continuing problem of outdated, unpatched systems;
  • The widespread, continuing exposure of console applications - including remote desktop protocol - to the internet with insufficient security controls;
  • The importance of using two-factor authentication, IP allow lists, encrypted versions of plaintext protocols and "baking in patching."

Beardsley is the director of security at Rapid7. He has over 20 years of security experience, having has held IT ops and IT security positions at organizations that include 3Com, Dell and Westinghouse. He's been a featured speaker at security and developer conferences on open source security software development, managing the human "Layer 8" component of security and software and reasonable vulnerability disclosure handling.

Previous
Battling ID Fraud With Behavioral Biometrics
Next
Malicious Cryptocurrency Trading Apps Target MacOS Users

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



Around the Network

Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
Why Aren't 3rd Parties More Transparent About Breaches?
Why Aren't 3rd Parties More Transparent About Breaches?
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
HIPAA Considerations for AI Tool Use in Healthcare Research
HIPAA Considerations for AI Tool Use in Healthcare Research
Why Health Entities Need to Implement NIST Cyber Framework
Why Health Entities Need to Implement NIST Cyber Framework
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.