In 2015, BitSight published a report, Beware the Botnets: Botnets Correlated to a Higher Likelihood of a Significant Breach. In that report, researchers found that companies with botnet grades of ‘B’ or lower were more than twice as likely to experience a significant data breach. Now, two years after that study, researchers have examined more than 70,000 organizations and found similar results, along with additional risk vectors that correlate with an increased likelihood of an organization experiencing a breach. Organizations have begun to act on these findings by communicating with trusted third parties that, based on their security posture, are likely to experience a data breach.
Last year, BitSight published a BitSight Insights report, Peer-to-Peer Peril: How Peer-to-Peer File Sharing Impacts Vendor Risk and Security Benchmarking, and observed that 23 percent of the companies examined had some form of file sharing activity on their networks. Although many organizations explicitly ban this activity, researchers found that in some industries, over a quarter of companies share files over the BitTorrent protocol. New findings by BitSight show that the likelihood of experiencing a publicly disclosed data breach more than doubles if an organization has a BitSight File Sharing grade lower than an A.
Botnets are networks of computers that have been compromised or infected with malicious software and are controlled by an adversary without the owner's knowledge. Although a botnet may not always lead to data loss, it is usually a sign that protective controls have failed and that at least some data or system confidentiality is at risk. With this year’s research, BitSight continues to find that companies with a BitSight Botnet grade lower than an A are nearly twice as likely to have experienced a breach.
Earlier this year, a MongoDB vulnerability showed us that open ports exposed to the internet can leave organizations open to cyber attacks. Organizations may be unaware of open ports on their network. Hackers can exploit this vulnerability to access a company’s sensitive data, sometimes even demanding payment before releasing the information back to the company. A study earlier this year by BitSight and Advisen, Bridging the Gap: How Cyber Practices & Data Breaches are Connected, found that 60 percent of breached organizations had 10 or more ports susceptible to unauthorized use. Recent research by BitSight finds that organizations with an F as their BitSight Open Port grade are more than twice as likely to experience a breach as companies with an A.
Cyber criminals are constantly looking for weaknesses in your network. Continuously monitoring your own and your vendors’ security ratings and benchmarking your performance against your industry can give you the insight you need to bolster your network’s security. Below are some best practices to consider: