Today BitSight published our most recent BitSight Insights report, Beware the Botnets; Botnets Correlated to a Higher Likelihood of a Significant Breach. In this report BitSight has identified a solid correlation between botnet infections and publicly disclosed breaches. To arrive at this finding, BitSight leveraged the botnet grades that are available to all customers in the Security Ratings platform. These letter grades, which are available for a wide range of risk vectors, provide insight into a company’s performance relative to others. For event-based risk vectors, the grades take into account factors such as frequency, severity, and duration; for diligence risk vectors, they reflect record quality evaluated against industry-standard criteria.
Vendor Risk Management: Risk managers and security teams can leverage this finding to communicate with vendors about the possibility of data loss in their information supply chain. It is also useful information when evaluating new vendors.
Benchmarking Security Performance: Businesses can easily benchmark this important metric against peers and industry averages. CISOs can more readily discuss, and answer questions about, their organization’s risk of a breach compared to others.
Cyber Insurance: Underwriters are looking for actionable metrics to understand a company’s susceptibility to a breach. By analyzing botnet grades, insurers can become better informed of a company’s likelihood of a breach before underwriting a policy. They can also use this information to actively monitor their insureds.
Mergers & Acquisitions: Companies that are actively looking to acquire or merge with another company can leverage this information to assess the possibility of data loss events of a potential acquisition target.
Utilities was a poor performer, with more than 52% of companies falling below the A threshold. Since the industry is tasked with protecting the nation’s critical infrastructure, this finding is an important issue that should be addressed. In addition, BitSight has observed some complex and potentially harmful botnets targeting the industry.
Retail and Healthcare are middle-of-the-pack performers, but are by no means secure. These two industries have been hit by major breaches in the past year, yet more than half of their companies received A grades for botnet remediation.
Finance continues to be the top performer, with 74% of companies gaining a grade of A. This is likely due to the industry’s focus on regulatory compliance and its culture of awareness of cyber threats.
Education fails to make the grade, with a mere 23% of schools and universities earning an A. More than 33% of these institutions are failing (a grade of F), as the industry struggles to protect campus and educational networks. This finding echoes our previous Insights report on college security performance.