BitSight Technologies, the standard in Security Ratings, today released a new BitSight Insights report titled “Beware the Botnets: Botnets Correlated to a Higher Likelihood of a Significant Breach,” which examines the link between botnets and publicly disclosed data breaches in various industries from March 2014 through March 2015. The study concentrated on publicly disclosed breaches because these have the greatest impact on organizations in terms of personally identifiable information (PII) loss, subsequent customer notification, forensic investigation and reputational damage.
“The implications for organizations across industries are that botnet infections cannot be ignored. Companies with lower botnet grades are clearly at greater risk for a publicly disclosed breach than those with the highest grade,” said Stephen Boyer, co-founder and CTO of BitSight. “BitSight botnet grades, which are a component of the top-level BitSight Security Rating, can serve as a key metric for executives, board members, insurers, and security and risk teams that are actively looking to understand the risk for a public data breach for themselves, their insureds, or their vendors.”
This correlation provides important insight that can be leveraged for the following initiatives, as organizations look to better prioritize areas of focus to address the most critical risks:
For the report, BitSight examined the ratings and risk vectors of 6,273 companies with 1,000 or more employees, of which 199 (3.3 percent) had experienced at least one recent publicly disclosed breach. BitSight Security Ratings range between 250 and 900, with higher ratings indicating better performance. These ratings are composed of risk vectors, which include security events (observed compromises on a company’s network) and diligence risk vectors (steps a company has taken to prevent attacks). For each risk vector, an overall letter grade (A-F) is assigned, indicating the company’s performance relative to others. The grade takes into account factors such as frequency, severity, and duration (for events) as well as record quality, evaluated based on industry-standard criteria (for diligence).
To provide companies with insight into their security performance, BitSight is offering free demos of its Security Ratings product along with a Security Rating and botnet grade. For more information or to register, visit http://bitsig.ht/1y8XuvQ.
To download a full copy of the BitSight Insights report, visit http://bitsig.ht/1C6Q4VP.