Businesses have learned to embrace economic globalisation and have expanded operations around the world. A new report from BitSight studied how entering new countries can bring on financial, operational and legal risks, including cyber-risks, to an organisation.
The research analysed security ratings of a random sample of 250 companies per country from the UK, US, Singapore, Germany, China and Brazil. Eligible organisations needed more than half of their IPv4 addresses mapped to the country in question and over 1,000 employees.
Companies based in Brazil were discovered to have the lowest aggregate security rating. Meanwhile, companies in the UK, Germany and the US have the highest. Germany and the UK perform well when it comes to preventing and mitigating machine compromise coming from botnets; however, Brazil and the US have the poorest performance.
All countries included in the study can improve on remediation of vulnerabilities such as Heartbleed, POODLE and FREAK, which affect the widely used SSL and TLS internet communication protocols.
Peer-to-peer file sharing is common across all countries included in the study except for Germany. Businesses in Brazil have a higher rate (46.8 percent) of harmful peer-to-peer file sharing on corporate networks. China and the UK also had a sizable percentage exhibiting this behaviour, with 36.4 percent and 34 percent respectively.
Organisations across all six countries can improve adoption and configuration of email security protocols. China (87.2 percent), Brazil (78.8 percent) and Germany (71.6 percent) have the higher percentages of poorly configured email security protocols such as SPF and DKIM. The UK had the lowest percentage of companies with poor performance (64 percent).
“Along with operational, financial and legal risk, cyber-risk should be a key consideration when extending operations globally. This includes understanding the risk associated with sharing sensitive data with global partners and vendors,” said Stephen Boyer, co-founder and CTO of BitSight Technologies.
“Just as business practices and laws differ across countries, so do cyber-security practices. When expanding globally, it is imperative to communicate best practices and establish a standard of security performance that can be implemented across the entire supply chain.”