This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings,click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency.

Need a hand with your security program? From planning and strategy to full service support, our experts have you covered.

Following the footsteps of Rapid7s long-runningNational Exposure Index, Rapid7 researchers turned their attention to exposure in corporate Americamore specifically, theFortune 500. Measuring key exposure metrics, we determine in this report the level of exposure represented by this group of organizations in order to help target cyber-risk reduction efforts, improve information-sharing within industry sectors, and build awareness of practices organizations can undertake to avoid future exposure.

The report reveals that cybersecurity basics are being missed or insufficiently deployed even among very large, mature, and well-resourced organizations. Keeping up with the never-ending task of maintaining a comprehensive security program is a challenge for organizations of all sizesparticularly when there is always more to be done amid constrained time and resources. If this challenge cannot comprehensively be met by these very large, high-revenue companies, it is not difficult to imagine how much worse it is for smaller organizations with far fewer resources to apply to security.

To learn more about the overall exposure of Fortune 500 companies, read theIndustry Cyber-Exposure Report: Fortune 500.

Register for our webcast on Thursday, Dec. 13 at 11 a.m. EST to hear our researchers explain what this exposure means.

The methodology outlined in this report describes several ways, based on openly available internet connections, to measure the exposure of specific organizations and industry sectors to certain cybersecurity risks. The report covers the following topics:

The average attack surface, broken down by industry, presented on the internet by the top companies in America

Corporate adoption of Domain-based Message Authentication Reporting & Conformance (DMARC), a set of inexpensivebut criticalanti-phishing controls

Malicious activity emanating from these companies, as measured by connections to Rapid7s

Internet exposure of inappropriate and insecure services such as Windows SMB and Telnet as surveyed from Rapid7sProject Sonar

To learn more about the key findings and analysis, read theIndustry Cyber-Exposure Reportin its entirety, andregister for our webcastto hear directly from the researchers.

Fortune 500-member orgs expose an average 500 servers/devices, with many companies exposing 2,500 or more.

Of the appraised Fortune 500 organizations, 330 have weak or nonexistent anti-phishing defenses (i.e., DMARC) in the public email configuration of their primary email domains.

Despite inherent weaknesses in Windows file-sharing and legacy Telnet servers, and known daily exploitation attempts against these vulnerable services, the average Fortune 500 organization exposes 510 of these services.

Is the internet broken? You bet. Get to know overall threat exposure on the internet in this report.

Learn how were uncovering actionable insights to make the world a safer place.

Thank you for submission. We will be in touch shortly.

There was a problem in submission. Pleasecontact us.

Were happy to answer any questions you may have about Rapid7

Please refer to ourPrivacy Policyor contact us or more details