Vendor Risk Management

12 Key Takeaways From 6 Cybersecurity Insights Reports

Melissa Stevens | May 25, 2017

At BitSight, our data scientists are constantly analyzing new cybersecurity trends and information and then extracting the data most pertinent to our customers. With those findings, we create what we call a BitSight Insights report. Below, we’ve highlighted six of these reports, along with two key takeaways for each. We hope these summaries, statistics, and insights are valuable for you. 

#1: Risk Degrees Of Separation: The Impact Of Fourth-Party Networks On Organizations

Could your vendors—and your data—be in harm’s way because of the amount of aggregate risk you’ve taken on? Without the necessary information about your vendors’ service providers (i.e., your fourth parties), you certainly could be. This report examines over 35,000 companies around the world for insight about their fourth-party relationships and risks.

Key Takeaways Reputation Matters: Why Reputational Risk Management Is So Critical For Your Organization

  1. The media and entertainment sector could be severely impacted by a service provider outage. Close to 40% of media and entertainment companies use Amazon Web Services as their content delivery network.

  2. Single points of failure become a reality as organizations and their business associates use the same set of service providers. Over 31% of companies examined in this study are linked to Adobe Systems, which experienced a data breach in 2013.

#2: Don’t Let “Trusted” Vendors Be Cyber Breach Enablers

Although companies have bolstered cybersecurity efforts in an attempt to mitigate increasing risk, this protection is very often inadequate. For example, an organization may not put proper safeguards in place to monitor their vendors’ cybersecurity activity, and one of those “trusted” vendors is then hacked. This has the potential to jeopardize your critical data. This Insights report hones in on how vendor risk management (VRM) today is often inadequate and the steps you can take to create a successful VRM program.

Key Takeaways

  1. Almost 70% of companies reported that they are highly concerned about the cyber risks posed by vendors.

  2. That said, only 10% of companies reported that they were using an automated, dynamic system to monitor vendor cyber risks.

#3: Revealing Security Performance Metrics Across Major World Economies

Businesses around the world have embraced economic globalization, and many have expanded their operations internationally. But with this shift comes the potential for many risks—including new cyber risks. To better understand this, the BitSight research team examined companies around the world to learn about risk vectors and cybersecurity performance as these factors pertain to the country where the organization is based.

Key Takeaways

  1. Companies based in Brazil have the lowest aggregate Security Rating, while companies in the U.K., Germany, and the U.S. have the highest.

  2. Brazil and the U.S. have the poorest performance when it comes to preventing and mitigating botnet infections; Germany and the U.K. perform the best in the fight against botnets.

#4: The Rising Face Of Cyber Crime: Ransomware

The first “strain” of ransomware began in 1989, when bad actors used floppy disks to infect computers with what was known as the AIDS (or PC Cyborg) Trojan. Today, ransomware is still used regularly through evolved approaches. BitSight researchers analyzed this increasingly common threat across more than 20,000 companies in order to identify the most common types of ransomware and determine the industries that are most susceptible.

Key Takeaways

  1. Ransomware is gaining traction rapidly. In fact, the rate of ransomware has significantly increased for every industry examined over the last 12 months. Cyber criminals seem to be finding a lucrative business through ransomware attacks.

  2. Of the six industries examined, government had the second-lowest security rating and the second-highest rate of ransomware. In fact, ransomware in this sector more than tripled over the last 12 months.

#5: Exploring Data Security In The Legal Sector & Beyond (December 2016)

Cyber events have taken place in every industry—but the legal sector is often overlooked, despite the fact that law firms are a commonly used third party. In this study, the BitSight research team examined how the cybersecurity posture in the legal sector has changed over the years and whether its performance should raise concerns for security teams.

Key Takeaways

  1. More than 60% of the organizations from the legal sector examined for this study were exposed to DROWN, a major SSL/TLS vulnerability. DROWN—which was discovered in early 2016—can enable a criminal to decrypt secure communications and potentially expose information sent over HTTPS, such as passwords, usernames, and payment card details.

  2. The legal sector had the second-highest percentage of companies with a BitSight Security Rating of 700 or higher, in line with retail and only trailing finance. (Security Ratings, which measure the security performance of organizations, are ratings that range from 250-900, with a higher rating indicating better security performance.)

#6: How Secure Are America’s Largest Business Partners?

Recent events considered, it’s clear that cyber threats aren’t going away anytime soon. And while companies are allocating more resources today than ever before to cybersecurity, vulnerabilities are still exploited regularly. To better understand this, BitSight looked into some of the largest companies in the U.S. to learn how mature—and how secure—they are in regard to cyber health.

Key Takeaways

  1. In the last 15 months, BitSight researchers found that at least one out of every 20 Fortune 1000 companies has experienced a publicly disclosed breach.

  2. In March, Bedep—a botnet resulting in actual machine compromise—was seen in one out of every five Fortune 1000 companies. In December 2016, it was seen in just one out of every 20 Fortune 1000 companies.

Want more takeaways and insights?

You’ll find another nine Insights reports (in addition to the six listed above), with topics ranging from the cyber health of the U.S. economy to accountability for vendor cybersecurity performance. Download one (or all) for free today.

Reputation Matters: Why Reputational Risk Management Is So Critical For Your Organization

Suggested Posts

Third-Party Risk Management Best Practices for Enterprise

Companies are becoming increasingly reliant on third-party relationships, and cyber attacks originating in the systems of third parties are on the rise.

READ MORE »

Airbus Incident Shines Spotlight on Third-Party Vendor Security Risks

2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.

READ MORE »

A Vendor Risk Management Questionnaire Template

IT Risk Assessment Questions for Third Parties

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said...

READ MORE »

Subscribe to get security news and updates in your inbox.