At BitSight, our data scientists are constantly analyzing new cybersecurity trends and information and then extracting the data most pertinent to our customers. With those findings, we create what we call a BitSight Insights report. Below, we’ve highlighted six of these reports, along with two key takeaways for each. We hope these summaries, statistics, and insights are valuable for you.
Could your vendors—and your data—be in harm’s way because of the amount of aggregate risk you’ve taken on? Without the necessary information about your vendors’ service providers (i.e., your fourth parties), you certainly could be. This report examines over 35,000 companies around the world for insight about their fourth-party relationships and risks.
- The media and entertainment sector could be severely impacted by a service provider outage. Close to 40% of media and entertainment companies use Amazon Web Services as their content delivery network.
- Single points of failure become a reality as organizations and their business associates use the same set of service providers. Over 31% of companies examined in this study are linked to Adobe Systems, which experienced a data breach in 2013.
Although companies have bolstered their cybersecurity efforts in an attempt to mitigate increasing risk, this protection is very often inadequate. For example, an organization may not put proper safeguards in place to monitor its vendors’ cybersecurity activity, and one of those “trusted” vendors is then hacked, potentially jeopardizing your critical data. This Insights report homes in on how vendor risk management (VRM) today is often inadequate and the steps you can take to create a successful VRM program.
- Almost 70% of companies reported that they are highly concerned about the cyber risks posed by vendors.
- That said, only 10% of companies reported that they were using an automated, dynamic system to monitor vendor cyber risks.
Businesses around the world have embraced economic globalization, and many have expanded their operations internationally. But with this shift comes the potential for many risks—including new cyber risks. To better understand this, the BitSight research team examined companies around the world to learn about risk vectors and cybersecurity performance as these factors pertain to the country where the organization is based.
- Companies based in Brazil have the lowest aggregate Security Rating, while companies in the U.K., Germany, and the U.S. have the highest.
- Brazil and the U.S. have the poorest performance when it comes to preventing and mitigating botnet infections; Germany and the U.K. perform the best in the fight against botnets.
The first “strain” of ransomware appeared in 1989, when bad actors used floppy disks to infect computers with what was known as the AIDS (or PC Cyborg) Trojan. Today, ransomware is still in regular use, delivered through far more evolved approaches. BitSight researchers analyzed this increasingly common threat across more than 20,000 companies in order to identify the most common types of ransomware and determine the industries that are most susceptible.
- Ransomware is gaining traction rapidly. In fact, the rate of ransomware has significantly increased for every industry examined over the last 12 months. Cyber criminals seem to be finding a lucrative business through ransomware attacks.
- Of the six industries examined, government had the second-lowest security rating and the second-highest rate of ransomware. In fact, ransomware in this sector more than tripled over the last 12 months.
Cyber events have taken place in every industry—but the legal sector is often overlooked, despite the fact that law firms are a commonly used third party. In this study, the BitSight research team examined how the cybersecurity posture in the legal sector has changed over the years and whether its performance should raise concerns for security teams.
- More than 60% of the organizations from the legal sector examined for this study were exposed to DROWN, a major SSL/TLS vulnerability. DROWN—which was discovered in early 2016—can enable a criminal to decrypt secure communications and potentially expose information sent over HTTPS, such as passwords, usernames, and payment card details.
- The legal sector had the second-highest percentage of companies with a BitSight Security Rating of 700 or higher, in line with retail and only trailing finance. (Security Ratings measure the security performance of organizations on a scale from 250 to 900, with a higher rating indicating better security performance.)
Given recent events, it’s clear that cyber threats aren’t going away anytime soon. And while companies are allocating more resources to cybersecurity today than ever before, vulnerabilities are still exploited regularly. To better understand this, BitSight looked into some of the largest companies in the U.S. to learn how mature—and how secure—they are in regard to cyber health.
- In the last 15 months, BitSight researchers found that at least one out of every 20 Fortune 1000 companies has experienced a publicly disclosed breach.
- In March, Bedep—a botnet resulting in actual machine compromise—was seen in one out of every five Fortune 1000 companies. In December 2016, it was seen in just one out of every 20 Fortune 1000 companies.
Want more takeaways and insights?
You’ll find another nine Insights reports (in addition to the six listed above), with topics ranging from the cyber health of the U.S. economy to accountability for vendor cybersecurity performance. Download one (or all) for free today.