United Kingdom has the strongest security globally, report says

A recent research study listed how countries fared.

Powers ranking

There is no denying the global nature of the 21st century: businesses have embraced economic globalization and have expanded operations across the world. Yet entering new countries can pose financial, operational and legal risks to an organization. Business laws or practices can differ widely between countries, and contracting local vendors can introduce new risks to an organization, including cyber risk.

Recent research by BitSight Technologies analyzed the security performance of a random sample of 250 companies (with at least 1,000 employees) per country from the United States, the United Kingdom, Singapore, Germany, China and Brazil. The analysis looked at the security performance through metrics such as botnet infections, SSL vulnerabilities, peer-to-peer file sharing, email security protocols and more. This slideshow illustrates the findings of the study.

The set-up

The chart above highlights the median Security Rating of companies in these countries from May 1, 2015 to May 1, 2016. To be eligible for selection, an organization needed more than 50 percent of its IPv4 addresses mapped to the country in question. Companies were also excluded if the known employee count was less than 1,000. In order to gain an accurate view of security performance, BitSight collects network asset information utilizing a team of technical researchers.

Machine compromise activity

Botnets are networks of computers that have been compromised or infected with malicious software and are controlled as a group by an adversary without the owner’s knowledge. These infections are direct evidence that an outside attacker has gained access to and/or control of a system. But beyond access to a corporate network, poor performance in preventing and eliminating botnet infections has led to other major problems for companies. Botnet grades are a component of the overall Security Rating of an organization. These grades indicate the performance of an organization in preventing botnet infections and quickly mitigating events that do occur.

United Kingdom earns gold

Companies in the UK had the highest aggregate Security Rating.

Factored into its rating:

The UK had the highest overall Security Rating of 740. Factoring into that score was its low susceptibility to botnet attacks, as 26.8 percent of companies had a “B” grade or lower. Almost three quarters of companies in the UK have an “A” grade, meaning they have very few botnet infections and are quick to address them.

Germany wins silver

Germany narrowly edged out the United States with the second highest aggregate Security Rating. Germany’s rating was a 725.

Factored into its rating:

Germany had a significantly lower percentage of companies with observed file sharing activity on corporate networks, with only 11.6 percent of companies showing evidence of peer-to-peer downloads. One potential explanation could be documented enforcement practices in Germany, such as fines for those who break the law regarding peer-to-peer file sharing.

United States places third

The US placed well in most categories and challenged other countries for the top rating, but in the end, it was relegated to the third-best aggregate Security Rating of 720.

Factored into its rating:

The United States proved more susceptible to botnet attacks, with 37.2 percent of organizations receiving a grade of “B” or lower. Internet Communication Vulnerabilities were a key stat in this research. The United States reported being the least vulnerable to Heartbleed (8 percent of companies running services vulnerable to this SSL attack), but was the most vulnerable to POODLE (82 percent of companies running services vulnerable to this SSL attack).

Singapore and China form the middle of the pack

Singapore and China placed fourth and fifth, respectively, based on their separate aggregate Security Ratings. Singapore had an overall score of 711 and China fell below with 683.

Factored into their ratings:

In Singapore, 30.4 percent of companies received a botnet grade of “B” or lower, and Chinese companies closely matched at 30.8 percent. Both proved susceptible to Heartbleed and FREAK, but China was the least susceptible country to POODLE, with 64.8 percent of companies susceptible. China also had the largest percentage of companies with insecure email, based on email security protocols, with 66 percent of its companies earning an SPF grade of “C” or below. Fifty-four percent of Singapore companies had an SPF grade of “C” or below.

Brazil places last

Brazil had the worst aggregate rating of the six nations analyzed, ending with a score of 666.

Factored into its rating:

Brazil had the poorest performance when it comes to preventing and mitigating botnet infections. Almost half (46 percent) of Brazilian companies had a grade of “B” or lower when it came to preventing botnet infections, the lowest grade of all nations analyzed. Peer-to-peer file sharing over the BitTorrent protocol is a prevalent issue for companies in Brazil, with 46.8 percent of companies experiencing file sharing activity in the past year.