A Rapid7 audit of the Fortune 500 companies on a variety of security fronts finds that the firms are doing a pretty good job in reducing entry points for hackers, but a lousy job at email security.

The big picture: The key numbers from this study come from two tests. One measured each firm's exposure to the internet by tabulating the number of services an eager hacker might connect to. A second tested adoption of security against sending fraudulent emails in a firm's name.

The bad news: The findings show that 330 out of the Fortune 500 companies do not have computers set up to prevent sending fraudulent emails in a firm's name.

  • Email wasn't designed to check whether the address listed as the sender actually sent the message. For example, a bad guy could send an invoice that appears to come from a company email address even without access to a company email account.
  • There is a free add-on security protocol known as DMARC that checks with a server whether an email is authentic and prevents those scams. Only 170 of the Fortune 500 use DMARC and have it configured to prevent fake messages from reaching an inbox.
  • "These are the best resourced companies in the world. They could easily run DMARC," said Tod Beardsley of Rapid7.
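
The distinction above between publishing a DMARC record and having it configured to keep fake messages out of an inbox can be checked from the record text itself. The following is an added example, not Rapid7's audit code: the tag names come from RFC 7489, while the verdict labels, function names and sample records are constructed for illustration, and no DNS lookup is performed.

```python
# Added example: classify the TXT records found at _dmarc.<domain>.
# Verdict labels are this example's own; sample records are constructed.

def parse_dmarc(txt):
    """Parse one TXT record into a tag dict; return None if it is not DMARC."""
    parts = [p.strip() for p in txt.strip().split(";") if p.strip()]
    # RFC 7489: the record must start with the exact tag v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return 'missing', 'invalid', 'monitor-only', 'partial' or 'enforcing'."""
    dmarc = [t for t in (parse_dmarc(r) for r in txt_records) if t is not None]
    if not dmarc:
        return "missing"
    if len(dmarc) > 1:
        return "invalid"  # several DMARC records: receivers apply none of them
    tags = dmarc[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"  # simplification: a missing or unknown p tag is flagged
    if policy == "none":
        return "monitor-only"  # reports only; spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    # pct below 100 applies the policy to only a share of failing messages.
    return "enforcing" if pct == 100 else "partial"

SAMPLES = {  # constructed records, keyed by a placeholder domain
    "a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@a.example"],
    "b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@b.example"],
    "c.example": ["v=DMARC1; p=quarantine; pct=25"],
    "d.example": ["v=spf1 -all"],
    "e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def audit(samples):
    return {domain: classify(records) for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, verdict in audit(SAMPLES).items():
        print(f"{domain:12} {verdict}")
```

Only the `enforcing` verdict corresponds to a domain that both publishes DMARC and asks receivers to quarantine or reject all failing mail.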

The good news: Fortune 500 companies average only around 500 services exposed to the internet. And while 500 may seem like a lot, given the size of the companies, Beardsley says he was expecting more.

  • "500 is lower than I was expecting," he said. "And each only exposing 5–10 vulnerable services is lower than I was expecting."
  • The vulnerable networking protocol SMB was used to propagate the massive WannaCry malware in 2017.
  • "98% secure is pretty good. Clean up the last 2%, and we could prevent the next WannaCry," said Beardsley.
