New Report Underscores Risk Associated with 4th Party Networks, Exposing Enterprises to Breaches and Widespread Business Disruptions

Bitsight Insights Report Illustrates Why a Single Point of Failure Should Be a Primary Concern for Organizations

Bitsight Technologies, the standard in Security Ratings, today released a new Bitsight Insights report titled, “Risk Degrees of Separation: The Impact of Fourth Party Networks on Organizations,” which analyzed Security Ratings of more than 35,000 companies across 22 different industries to uncover the vulnerabilities posed by fourth parties – the subcontractors of third party vendors. The report also addresses the risk associated with single points of failure, where one disruption from a key service provider could result in widespread outages.

Many organizations are transitioning to digital systems, which has increased the dependency on cloud service providers, web hosting platforms, and other external services. Cyber criminals are recognizing that these outside vendors and subcontractors can often be their best point of entry into many companies. Bitsight’s latest Insights report illustrates how observed enterprises were linked to fourth parties, finding that companies within key industries like Media and Entertainment, Healthcare, and Aerospace and Defense often utilize the same fourth party service providers, exposing entire vertical markets to significant outages.

“As a result of recent high-profile breaches, organizations are aware of the security risks associated with their third-party vendors. We are taking vendor risk analysis one step further by looking not only at third party vendors, but the vendors’ vendors as well -- the fourth party,” said Stephen Boyer, co-founder and CTO of Bitsight Technologies. “Though understanding your entire security ecosystem may seem like a lofty undertaking, appropriate identification, prioritization, and validation, paired with continuous monitoring, can simplify the process and eliminate the potential for a devastating disruption.”

Bitsight uses publicly accessible data to rate companies’ security performance on a daily basis. Observed security events and configurations, such as communication with a botnet, malware distribution, and email server configuration, are assessed for severity, frequency and duration, and used to generate objective, accurate, and actionable Security Ratings. Bitsight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. Industry ratings are calculated using a simple average of the Bitsight Security Ratings of companies in that sector.

Key Findings

  • The media and entertainment sector could be severely impacted by a service provider outage.

Close to 40% of media and entertainment companies use Amazon Web Services as their content delivery network.

  • Single points of failure become a reality as organizations and their fourth parties use the same set of service providers.

Over 31% of companies examined in this study are linked to Adobe Systems, which experienced a data breach in 2013.

  • Aerospace and defense companies could be exposed to serious vulnerabilities as a result of using obsolete software.

More than 13% of the aerospace and defense companies observed use IIS 6, indicating that they use Windows Server 2003 (no longer supported by Microsoft).

Along with the release of the latest Insights report, the company today announced Bitsight Discover, a new platform designed to enable users to quickly identify fourth party connections and their associated risk, and the first module, Bitsight Discover for Risk Aggregation, created for cyber insurers to better manage risks across their entire book of business. For more information, visit http://bitsig.ht/216EwQD.

To download a copy of the Bitsight Insights report, visit http://bitsig.ht/1oy1L8m.

About Bitsight Technologies


Bitsight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company's Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third-party risk, benchmark performance, and assess and negotiate cyber insurance premiums. Based in Cambridge, MA, Bitsight is backed by the National Science Foundation, Globespan Capital Partners, Menlo Ventures, Flybridge Capital Partners, Comcast Ventures, Commonwealth Capital Ventures, Liberty Global Ventures, Shaun McConnon and Singtel Innov8. For more information, please visit www.bitsight.com, read our blog or follow @Bitsight on Twitter.