Las Vegas tops list of at-risk metropolitan areas
- By Matt Leonard
A new report ranked the 55 most populous urban areas in the United States based on how secure individuals are while using technology in those cities. The most secure city was Richmond, Va.; the least secure was Las Vegas, Nev.
The report from cybersecurity provider Coronet, titled “Cybersecurity in the City: Ranking America’s Most Insecure Metros,” specifically examined the cyber readiness of mid-market companies in the selected cities. A city receiving a higher score means people working for businesses there have a higher likelihood of their data being exposed, explained Coronet Chief Security Officer Dror Liwer.
Higher scores don’t necessarily mean there are issues with specific networks in these cities, but that the city is subject to greater numbers of malicious threats. “It's important to understand it's not about mistakes on the infrastructure side, it's about malicious actors,” Liwer said.
Coronet used a risk index ranging from 0 (most secure) to 10 (least secure). The data it used for the analysis came from just over 1 million endpoints the company monitors at the device, network and cloud level. Device vulnerabilities include missing or outdated firewalls or antivirus software, lack of password protection or lax user account management, or unsupported operating systems. The study also scanned Wi-Fi and cellular networks for threats, attackers and vulnerabilities as well as misconfigurations.
Las Vegas was the only city to score a 10.
The public Wi-Fi in hotels, combined with Nevada's underfunded cybersecurity budget, helped "propel Las Vegas to the distinction as America’s most insecure city," the report said, adding that holding hacker conventions like Blackhat and Defcon no doubt contributed to the score.
“The fact that Las Vegas is heavily, heavily attacked or there are a lot of malicious actors … makes a lot of sense,” Liwer said. “People from all over the U.S. come there -- they get 6.5 million conventioneers per year -- so it makes a lot of sense for attackers to set traps there. It's much easier to get to these people in a centralized location than [chasing] them all over the U.S. or in other parts of the world.”
Other cities nearly as insecure as Las Vegas include Memphis, Tenn.; Charlotte, N.C.; Houston; Providence, R.I.; and Birmingham, Ala. Four Florida cities rounded out the top 10: Jacksonville, West Palm Beach, Orlando-Daytona and Tampa-St. Petersburg.
Popular wisdom would suggest that older people more often fall for fraudsters online, but Liwer said the reality "in some cases is the exact opposite. The younger, corporate-y kind of people feel that they would recognize an attack and therefore they feel invincible, and that’s exactly where they fall prey as well.”
As for government networks, municipal Wi-Fi is especially vulnerable, Liwer said.
Free Wi-Fi networks are highly targeted by attackers because they usually are not well-protected platforms. "An attacker can easily spoof such a network and lure users onto that network,” he said. Free Wi-Fi networks are designed to be easy to connect to, so the responsibility lies with end users to ensure they’re not on a spoofed network.
Liwen called on government to step in and educate these businesses and consumers. “They need to educate because nobody else will; they need to educate about the risks,” he said.
Read the full report here.