The File Sharing risk vector is part of the User Behavior risk category. It observes the sharing of files using BitTorrent or when the activity is observed on company infrastructure. See the Bitsight categories for torrents.
Resources
- Bitsight, “Is illegal file sharing occurring within your or your vendors’ cyber ecosystem?”
- StackOverflow, “How does DHT in torrents work?”
- BitTorrent.org, “DHT Protocol”
Risks
There’s no guarantee that content exchanged through BitTorrent has not been tampered with. This increases the risk of introducing malware to the system via malware or vulnerable software, such as unpatched and unregistered software.
Bitsight Blog, “Two Years Later, Still at Least Twice as Likely”
Our research shows that the likelihood of experiencing a publicly disclosed data breach more than doubles if an organization has a File Sharing risk vector grade lower than an “A.”
The networks of 30,700 companies were observed across all industries and found 23% of organizations were using the BitTorrent protocol for peer to peer file sharing. Among these companies, 43% of torrented applications were also observed to contain malicious software.
- Despite matching content names or “official-sounding” titles, file sharing creates a risk of allowing malware to infect an organization’s network.
- Systems damage, which can lead to a disruption of business continuity, potential loss of data, and theft of intellectual property.
- A company can encounter legal issues associated with using unlicensed software and media.
Grading
See how the File Sharing risk vector is graded.
Finding Grades
Finding grades are not applicable to File Sharing. This is displayed as N/A in the Findings Table. The findings still have an impact on the rating.
Insufficient Data
A default risk vector grade is assigned if there is insufficient or no data.
Behavior: The rating is positively impacted if there are no File Sharing findings.
Default Grade:
Lifetime
Lifetime is the number of days a finding impacts the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. This is defined by the number of days a finding will impact the risk vector grade. Learn why findings have a decay and lifetime period.
Duration: 60 Days
Weight
The File Sharing risk vector contributes to the weight of the User Behavior risk category, which aggregates the weights of all risk vectors in the category to 2.5% towards Bitsight Security Ratings.
Weight: 2.5%
Remediation
Review File Sharing findings.
Downloading content through approved channels, such as products directly from the software maker's corporate site or music through a mainstream music source, is the safest method for obtaining desired content because that content has been verified for authenticity.
- File Sharing events coming from your company's infrastructure can be found in the Findings page. The User Behavior Forensics add-on package provides specific details about File Sharing events.
- Use a firewall with Deep Packet Inspection to block torrent activity, as BitTorrent is difficult to block using standard port range rules.
Finding Behavior
Rescan
The Bitsight platform regularly checks for new observations. A finding Rescan updates findings as these observations change, e.g., newly observed Diligence findings or an existing finding was remediated.
Behavior:
- Data Rescan Cycle: Daily
- User-Requested Rescan Duration: Not Available
Remediated
The file sharing activity has ceased.
Behavior: The finding stops impacting ratings when it completes its lifetime (60 days).
- March 25, 2024: “No findings/low findings” changed to “insufficient data.”
- August 17, 2023: New Grading & Finding Behavior sections.
- October 29, 2020: Use the Findings page to search findings instead of the User Behavior tab.
Feedback
0 comments
Please sign in to leave a comment.