BitSight Technologies Announces File Sharing Risk Analysis Module for Assessing Vendors in the Supply Chain
BitSight Technologies, the standard in Security Ratings, today released a new BitSight Insights report titled, “Peer to Peer Peril: How BitTorrent File Sharing Impacts Vendor Risk and Security Benchmarking,” which examined BitTorrent peer-to-peer (P2P) file sharing activity of over 30,700 companies that BitSight rated for security performance. BitSight also announced a new file sharing analysis module for the BitSight Security Ratings Platform that assesses the risk posed by BitTorrent and other file sharing usage among vendors in a supply chain.
BitSight’s analysis looked at the percentage of P2P downloads containing malware, the top torrented applications and games on corporate networks and the correlation between file sharing and compromised machines via botnet infections. In addition, the report compared file sharing activity and protocol of 10 industries, including Finance, Retail, Healthcare, Energy/Utilities, Government, and Education. BitSight uncovered that 43 percent of applications and 39 percent of games contained malicious software that could infect corporate and vendor networks – highlighting that P2P file sharing can pose a major security threat to organizations and their vendors.
In conjunction with the release of this report, BitSight announced a new File Sharing module within its Security Ratings platform. This module allows customers to monitor and assess BitTorrent peer-to-peer file sharing activity on their network as well as third-party vendor networks. An overview of observed file sharing activity including applications, books, games, movies, music, TV and other files is now available to all customers using the BitSight platform. Users can also subscribe to additional forensic information, allowing them to identify torrent names, event dates, peer IP information and other details. Vendors can be invited to the platform to gain temporary access to this information and take action to remediate the issues.
“While the sharing and downloading of copyrighted or pirated content and applications over peer-to-peer typically violates most corporate policies, the behavior continues to occur at a high rate. Movies and games often come to mind when organizations think about P2P file sharing; however, the majority of infected applications that we uncovered were either Adobe Photoshop, Microsoft Office or various versions of the Microsoft Windows operating system,” said Stephen Boyer, co-founder and CTO of BitSight Technologies. “Our analysis found a high degree of correlation between organizations participating in P2P activity and system compromises via malware infections. The high malware infection rates suggest that organizations with file sharing activity are more susceptible to machine takeover. File sharing activity can serve as one of many key risk indicators and should be considered not only internally, but also when assessing vendor risk, conducting M&A due diligence, and underwriting cyber insurance.”
BitSight uses publicly accessible data to rate companies’ security performance on a daily basis. Observed security events and configurations, such as communication with a botnet, malware distribution, and email server configuration, are assessed for severity, frequency and duration, and used to generate objective, accurate, and actionable Security Ratings. BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. Industry ratings are calculated using a simple average of the BitSight Security Ratings of companies in that sector.
- 23 percent of organizations analyzed have evidence of some P2P file sharing activity on their networks.
- 43 percent of torrented application files and 39 percent of torrented games contained malicious software.
- Adobe Photoshop and Grand Theft Auto V are the top torrented applications and games respectively.
- Industries such as Government, Education, and Energy/Utilities are poor performers; more than a quarter of companies in these industries have observed BitTorrent file sharing activity in the last six months.
- Companies with more file sharing activity were likely to have more compromised machines due to botnet infections.
For recommendations on mitigating the risks associated with P2P file sharing and to download a full copy of the BitSight report, visit http://bitsig.ht/1UAPytG.
The file sharing risk analysis module is available in the BitSight Security Ratings Platform immediately. For more information and pricing, contact [email protected].
About BitSight Technologies
BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company's Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third-party risk, benchmark performance, and assess and negotiate cyber insurance premiums. Based in Cambridge, MA, BitSight is backed by the National Science Foundation, Globespan Capital Partners, Menlo Ventures, Flybridge Capital Partners, Comcast Ventures, Commonwealth Capital Ventures, and Liberty Global Ventures. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter.