Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

Ransomware Analysis Report

Avatar
Jessica
Follow
Publication Date – November 19, 2021

Table of Contents

Overview

The Ransomware Analysis Report surfaces the latest ransomware data from companies in your Total Risk Monitoring portfolio. It lets you view and estimate the likelihood of a data breach at a company based on three key metrics: Bitsight rating, presence of specific vulnerabilities, and performance against key risk vectors.

With this report, you can:

  • See which companies in your portfolio are affected by specific vulnerabilities
  • Determine the likelihood of a breach at a monitored company
  • Track the latest ransomware incidents across your portfolio
  • Leverage and compare reports month-to-month
  • Prioritize your security response with real data

This report is available to SPM and Continuous Monitoring application users.

  1. Open the Reports page and locate the Ransomware Analysis Report card.
  2. Mouseover the card and select Create. The report is automatically generated.
  3. Use the tabs at the top of the report to view specific groupings of data.
  4. Use the filters on each tab to narrow the data presented.

Reading this Report

This report surfaces exposures to five vulnerabilities that are linked to increased likelihood of attack. Likelihood is further calculated based on a company’s Bitsight rating and its performance against the Patching Cadence, TLS/SSL Certificates, and TLS/SSL Configuration risk vectors.

The likelihood of breach associated with each metric does not stack. For example, a company that is vulnerable to DROWN is 1.3 times as likely to suffer a breach from DROWN. If that same company also has a grade of D or F in the Patching Cadence risk vector, it is 7.3 times as likely to suffer a breach based on Patching Cadence. The values are not aggregated.

A screenshot from the Ransomware Analysis Report showing a group of three tables. The first table has a column indicating a company's rating and a column indicating the likelihood of a ransomware attack based on that rating. The second table has a column listing vulnerabilities and a column indicating the likelihood of a ransomware attack based on those vulnerabilities. The third table has a column indicating a company's risk vector grade and three columns showing the likelihood of a ransomware attack based on that grade. The risk vectors listed are Patching Cadence, TLS/SSL Certificates, and TLS/SSL Configurations.

Measures of ransomware vulnerability with their associated likelihoods of breach.

There are three tabs on the Ransomware Analysis report:

  • Dashboard: Filters data based on tier, industry, and folder.
  • Rating & RV: Surfaces companies in your portfolio based on their Bitsight rating and their performance against specific risk vectors.
  • Vulnerability List: Surfaces companies in your portfolio based on specific ransomware vulnerabilities.

The Dashboard Tab

This tab filters data based on tier, industry, and folder. To filter the data further, you can choose to include or exclude specific companies using the Name filter. Narrowing the scope of the report with filters allows you to explore and address risk in specific areas of your portfolio.

The Dashboard tab has three sections:

Section Name Description
How to Read This Report Provides guidance on how the report was developed and how to read it.
Summary

Displays the total number of companies in your portfolio at each rating and risk vector threshold as well as the total number impacted by specific vulnerabilities. It is broken down by the overall rating distribution, vulnerability exposure, and risk vector grades of companies in your portfolio.

Select an item in the Rating Distribution, Patching Cadence, TLS/SSL Certificates, or TLS/SSL Configurations tables to explore the associated group of companies in detail.
Latest Ransomware Incidents Track and explore ransomware incidents at the companies in your portfolio. To learn more about each incident, hover over the company name in the Impacted Company column.

The Rating & RV Tab

This tab surfaces companies in your portfolio based on their Bitsight rating and their performance against specific risk vectors. Filters include:

  • Bitsight rating: filter by the overall rating of a company
  • risk vector type: filter companies based on a specific risk vector
  • risk vector grade: filter companies based on ratings in all three risk vectors
  • tier: filter companies based on their level of importance in your portfolio
  • name: select which companies are included in the report
  • industry: select which industries are included in the report
  • folder: select which folders are included in your report

The Vulnerability List Tab

This tab surfaces companies in your portfolio based on specific ransomware vulnerabilities. Filters include:

  • vulnerability: filter companies based on detected vulnerabilities
  • tier: filter companies based on their level of importance in your portfolio
  • name: select which companies are included in the report
  • industry: select which industries are included in the report
  • folder: select which folders are included in your report

Downloading the Report

This report can be downloaded as a .csv, .png, or .pdf file. To download the report, select the Download button in the upper right corner of the report.

This report is not saved in the Bitsight platform, can't be Quick Shared, and can’t be scheduled ahead of time. To use this report for benchmarking, download a new version each month and save it for future reference.

Additional Resources

Related articles