Table of Contents
Overview
The Ransomware Analysis Report surfaces the latest ransomware data from companies in your Total Risk Monitoring portfolio. It lets you view and estimate the likelihood of a data breach at a company based on three key metrics: Bitsight rating, presence of specific vulnerabilities, and performance against key risk vectors.
With this report, you can:
- See which companies in your portfolio are affected by specific vulnerabilities
- Determine the likelihood of a breach at a monitored company
- Track the latest ransomware incidents across your portfolio
- Leverage and compare reports month-to-month
- Prioritize your security response with real data
This report is available to SPM and Continuous Monitoring application users.
Generating this Report
Reading this Report
This report surfaces exposures to five vulnerabilities that are linked to increased likelihood of attack. Likelihood is further calculated based on a company’s Bitsight rating and its performance against the Patching Cadence, TLS/SSL Certificates, and TLS/SSL Configuration risk vectors. It measures of ransomware vulnerability with their associated likelihoods of breach.
The likelihood of breach associated with each metric does not stack. For example, a company that is vulnerable to DROWN is 1.3× more likely to suffer a breach from DROWN. If that same company also has a grade of D or F in the Patching Cadence risk vector, it is 7.3× more likely to suffer a breach based on Patching Cadence. The values are not aggregated.
There are three tabs on the Ransomware Analysis report:
- Dashboard: Filters data based on tier, industry, and folder.
- Rating & RV: Surfaces companies in your portfolio based on their Bitsight rating and their performance against specific risk vectors.
- Vulnerability List: Surfaces companies in your portfolio based on specific ransomware vulnerabilities.
The Dashboard Tab
This tab filters data based on tier, industry, and folder. To filter the data further, you can choose to include or exclude specific companies using the Name filter. Narrowing the scope of the report with filters allows you to explore and address risk in specific areas of your portfolio.
The Dashboard tab has three sections:
Section Name | Description |
---|---|
How to Read This Report | Provides guidance on how the report was developed and how to read it. |
Summary |
Displays the total number of companies in your portfolio at each rating and risk vector threshold as well as the total number impacted by specific vulnerabilities. It is broken down by the overall rating distribution, vulnerability exposure, and risk vector grades of companies in your portfolio. Select an item in the Rating Distribution, Patching Cadence, TLS/SSL Certificates, or TLS/SSL Configurations tables to explore the associated group of companies in detail. |
Latest Ransomware Incidents | Track and explore ransomware incidents at the companies in your portfolio. To learn more about each incident, hover over the company name in the Impacted Company column. |
The Rating & RV Tab
This tab surfaces companies in your portfolio based on their Bitsight rating and their performance against specific risk vectors. Filters include:
- Bitsight rating: filter by the overall rating of a company
- risk vector type: filter companies based on a specific risk vector
- risk vector grade: filter companies based on ratings in all three risk vectors
- tier: filter companies based on their level of importance in your portfolio
- name: select which companies are included in the report
- industry: select which industries are included in the report
- folder: select which folders are included in your report
The Vulnerability List Tab
This tab surfaces companies in your portfolio based on specific ransomware vulnerabilities. Filters include:
- vulnerability: filter companies based on detected vulnerabilities
- tier: filter companies based on their level of importance in your portfolio
- name: select which companies are included in the report
- industry: select which industries are included in the report
- folder: select which folders are included in your report
Downloading the Report
This report can be downloaded as a .csv, .png, or .pdf file. To download the report, select the Download button in the upper right corner of the report.
This report is not saved in the Bitsight platform, can't be Quick Shared, and can’t be scheduled ahead of time. To use this report for benchmarking, download a new version each month and save it for future reference.
Additional Resources
- Bitsight Blog: Evidence-Based Strategies to Lower Your Risk of Becoming a Ransomware Victim
- Bitsight Academy: Ransomware Analysis Report
- November 19, 2021: Published.
Feedback
0 comments
Please sign in to leave a comment.