From: RegTech Analyst
Lots of financial services companies leave themselves exposed to hacks by using unpatched services, according to a new report by Rapid7.
The National Industry Cloud Exposure Report showed that uncovered a particularly high level of known vulnerabilities in the financial services and telecommunications industry, with each industry having 10,000 high-rated common vulnerabilities and exposures across their public-facing assets.
It also found that the companies lag behind when it comes to patching and updating software. This, the report argued, was a particularly prevalent issue among remote console access where, for example, 3.6 million secure shell servers are sporting versions between five and 14 years old.
“Financial services companies are often some of the biggest targets to cyber attackers,” said Tod Beardsley, research director at Rapid7. “One thing shocks me is the prevalence of un-securable SMB servers that exist within these organisations, showing that UK organisations have not learned the lessons of WannaCry, which cost the NHS more than £92m a couple of years ago.
“My advice to IT teams within financial services organisations is to bake in regular patching windows and decommissioning schedules to their internet-facing infrastructure.”
Copyright © 2020 FinTech Global