Berliners are more at risk from cyber-attacks through exposed web-connected devices and services than any other major city in Europe, according to a new report released today by Trend Micro. Encompassing Western European capitals, the research identified more than 2.8 million ‘visible’ assets in the city, such as webcams, routers, printers, private telephone systems and media recording tools, that are leaving businesses and residents vulnerable to attacks.
Analysing the cities most at risk, Trend Micro is warning people around the region to take responsibility for their cyber assets, and not rely on manufacturers to build in appropriate security by default.
London most at risk in the UK
With over 2.5 million exposed cyber assets, London tops the list of UK cities most at risk – more than seven times higher than the next most exposed city, Manchester (321,112 vulnerable assets). Glasgow, although not third in terms of population, came next with 161,108 exposed assets. Liverpool, Sheffield, Nottingham, Newcastle, Sunderland, Gloucester and Gateshead make up the top ten.
When factoring in population sizes, London remains highest, with around three exposed devices to every ten people. Interestingly, major UK hubs including Birmingham and Leeds, did not make the top ten in terms of asset exposure.
‘Businesses think that using new devices will automatically protect them from cyber threats, but it’s not that simple,’ says Rik Ferguson, vice president of security research for Trend Micro.
‘What’s even more concerning is that some of the region’s biggest tech hubs feature at the top of the lists, showing that enhanced security is not a natural consequence of increased technology. More work needs to be done around security fundamentals and best practices including network segmentation, layered security and authentication and access control.’
Exposure across Western Europe
Around the region, Berlin (2,805,956 assets exposed) was followed by London (2,528,286) and Madrid (1,365,736). However, when calculated on a per capita basis, the risk is significantly lower in Berlin and London, with Amsterdam out ranking other European capitals considerably. Lisbon, Oslo and Madrid all saw more exposure than London.
Culprit devices and services
When it comes to the offending devices in the UK, researchers found that it was ‘internet-facing’ firewalls, which should act as firewalls, that were the most exposed, with 15,448 vulnerable. This is likely due to them having many open ports to allow traffic from the internet in and out. Following firewalls were webcams, with 5,077 found. Routers were the third most exposed type of device (2,499 located).
UK businesses also saw a high number of web services – software that allows machine or device communication over a network or the web – open to attack. London was by far the highest, with 1,475,849 exposed web services, followed by Manchester (226,446) and Leeds (177,130).
London also led in terms of the number of exposed email services (80,623, compared to 8,828 in Manchester) – concerning given the volume of sensitive business and government data that flows throughout the capital’s inboxes.