U.S. businesses are some of the most secure in the world, but they still struggle to combat botnets and they leave networks open to common security vulnerabilities, according to security firm BitSight’s survey of corporate cybersecurity practices in six countries.
BitSight surveyed 250 companies in each country, and the United States ranked third, behind the United Kingdom and Germany but ahead of Singapore, China, and Brazil, in overall security, based on 250 businesses’ median security score.
The American private sector also scored well in terms of its openness to the Heartbleed SSL vulnerability; only 8 percent of surveyed U.S. companies ran equipment that was vulnerable to Heartbleed, while more than 14 percent of Brazilian companies were exposed.
When it came to two other major security flaws, U.S. companies fared much worse. America topped the list for exposure to an attack knonw as POODLE and placed second for one known as FREAK. Although every country was widely vulnerable to FREAK attacks, a shocking 82 percent of American businesses were exposed.
Botnets—networks of computers infected with malware that lets a remote attacker control them en masse—are also a major problem in the United States. More than a third of U.S. companies earned a botnet prevention grade of B or lower—the second highest percentage of poor grades, trailing only Brazil.
According to BitSight’s team, which audited more than six thousand companies in 2015, “companies with a BitSight botnet grade of ‘B’ or lower were more than twice as likely to experience a publicly disclosed breach.”
BitSight collected data for its new survey between May 1, 2015, and May 1, 2016.