
Botnet activity inside organisations predicts likelihood of future data breach

John E Dunn | April 13, 2015
Those with highest activity 2.2 times more likely to have been breached.

Organisations showing evidence of botnets inside their networks are not only more likely to suffer a data breach, but the level of botnet activity also correlates directly with increased risk, security analytics firm BitSight has suggested after analysing incidents at more than 6,000 companies.

That botnets augur badly for an organisation's chances of suffering a data breach sounds obvious - botnets are often designed to pillage the credentials used in attacks, after all - but the fact that greater botnet activity increases risk still further is an intriguing finding.

BitSight spent the year up to March 2015 looking at the security ratings it had handed out to 6,273 mostly US-based firms of 1,000 employees and larger, using a range of worrying security symptoms to calculate grades from A (best) to F (worst).

In total, 199 (3.3 percent) had suffered a disclosed data breach and 96.7 percent hadn't; both groups were then checked to see whether security symptoms (spam, compromised servers, botnets, malware) lined up with a higher risk of being in the former group.

The 1,536 organisations with the lowest grade of botnet activity (grade A) turned out to have suffered breaches on 26 occasions (1.7 percent of the total) while the 4,536 organisations showing higher levels of botnets (grade B) had suffered breaches on 172 occasions (a 3.7 percent incidence).

Although not a massive difference in absolute terms, the figures suggest that firms with higher botnet activity were, on the basis of this sample, 2.2 times more likely to have suffered a data breach, a statistically significant contrast.
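The 2.2 figure and the significance claim can be checked from the two group counts quoted above. This is an added example, not BitSight's method or code: it assumes a plain risk ratio with a log-normal 95 percent interval and a Pearson chi-square test on the 2x2 table, and the function names are hypothetical.

```python
import math

def risk_ratio(breached_hi, total_hi, breached_lo, total_lo, z=1.96):
    """Risk ratio of the higher-activity group versus the lower-activity
    group, with a log-normal confidence interval (z=1.96 gives 95%)."""
    if min(breached_hi, breached_lo) == 0:
        raise ValueError("risk ratio is undefined when a group has no breaches")
    rr = (breached_hi / total_hi) / (breached_lo / total_lo)
    # Standard error of ln(RR) for two independent proportions.
    se = math.sqrt(1 / breached_hi - 1 / total_hi
                   + 1 / breached_lo - 1 / total_lo)
    low = math.exp(math.log(rr) - z * se)
    high = math.exp(math.log(rr) + z * se)
    return rr, low, high

def chi_square_2x2(breached_hi, total_hi, breached_lo, total_lo):
    """Pearson chi-square (1 degree of freedom) and p-value for the
    breached / not-breached by higher / lower activity table."""
    a, b = breached_hi, total_hi - breached_hi
    c, d = breached_lo, total_lo - breached_lo
    n = a + b + c + d
    denom = (a + b) * (c + d) * (a + c) * (b + d)
    if denom == 0:
        raise ValueError("a row or column of the table is empty")
    chi2 = n * (a * d - b * c) ** 2 / denom
    # With 1 degree of freedom the survival function is erfc(sqrt(x / 2)).
    p_value = math.erfc(math.sqrt(chi2 / 2))
    return chi2, p_value

# Counts as quoted in the article: 172 breaches among 4,536 organisations
# with higher botnet activity, 26 among 1,536 with the lowest activity.
HIGHER = (172, 4536)
LOWER = (26, 1536)

if __name__ == "__main__":
    rr, low, high = risk_ratio(*HIGHER, *LOWER)
    chi2, p = chi_square_2x2(*HIGHER, *LOWER)
    print(f"risk ratio {rr:.2f} (95% CI {low:.2f} to {high:.2f})")
    print(f"chi-square {chi2:.2f}, p = {p:.1e}")
```

An interval that excludes 1.0, together with a small p-value, is what supports calling the contrast statistically significant; neither says anything about whether botnet activity causes breaches.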

Breaking this down by sector showed that education was the poorest performer, perhaps not a surprise. This sector had the smallest number of grade A networks (the best) and the highest number of grade F networks (the worst).

Utilities was the next worst performer, ahead of data breach hotspot healthcare and retail, in that order. Finance was the best performing sector, differences BitSight has commented on before.

Much of the botnet data was fed into the analysis from sensors deployed by Portuguese security firm AnubisNetworks, acquired by BitSight last October.

One detail from the education figures is that it is not only PCs and servers that are at risk of generating botnet traffic. One of the prime causes of high botnet activity at US universities turned out to be Mac malware such as the Flashback Trojan, something BitSight reported in a previous analysis.

But what in the end can be inferred from this correlation, apart from the obvious point that botnets are bad news?

Logically, if we accept that botnets stand out above other negative security measurements, detecting botnets offers a new way of predicting the likelihood of a future breach.

