Procurement organizations working with suppliers in Brazil may be putting their companies at risk. A new report says companies operating in Brazil pose the highest cyber risks for vendors and business partners due to poor security practices.
The report comes from BitSight Technologies, a Cambridge, Massachusetts-based firm that provides security ratings to help companies manage third-party risks. BitSight examined a random sample of 250 companies per country in Brazil, China, Germany, Singapore, the United Kingdom and the United States between May 2015 and 2016 to determine the different IT security risks and practices across the globe.
The report found Brazil had the lowest aggregate security rating throughout the year and does the poorest job of preventing and mitigating machine compromise from botnet infections, which occur when a network of computers has unknowingly been infected with malicious software. BitSight research also found a correlation between botnet infections and data breaches. Companies that struggle to prevent and mitigate botnet attacks are more than twice as likely to experience a publicly disclosed breach, according to the report.
Additional Security Concerns
Brazil also scored poorly when it came to using proper protocols to secure communications over the internet. Brazil and China had the highest number of companies (14.4%) operating services vulnerable to Heartbleed, a type of Secure Sockets Layer (SSL) vulnerability that allows an attacker to trick a system into sharing information such as login data. Singapore had 12.8% and Germany had 11.6% of companies operating services vulnerable to Heartbleed attacks. The U.S. and U.K. had 8%, by comparison.
The U.S., however, scored lower when it came to fighting other types of cyber attacks. Nearly half of U.S. companies were running systems vulnerable to FREAK attacks, and 82% were running systems vulnerable to POODLE, the most prevalent SSL vulnerability, according to the report. FREAK attacks can lead to secure communications between vendors and partners being decrypted, and POODLE attacks are “man-in-the-middle” events that steal information.
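The three weaknesses the report counts (Heartbleed, FREAK and POODLE) are all things a company can check for in its own TLS inventory before a vendor-risk rating does it for them. The following audit script is an added example and is not BitSight's code or methodology: it takes a constructed inventory of server descriptions (OpenSSL version, enabled protocol versions, enabled cipher suites; the hostnames and values are made up) and flags the three exposures. The version rule it encodes is the published one: OpenSSL 1.0.1 through 1.0.1f carry Heartbleed, and 1.0.1g fixed it. The `audit`, `summarize` and `export_grade` helper names are this example's own.

```python
"""Added example: audit a TLS inventory for Heartbleed, FREAK and POODLE exposure.
Inventory entries and hostnames below are constructed, not real servers."""
import re

# OpenSSL 1.0.1 through 1.0.1f carry the Heartbleed bug; 1.0.1g fixed it.
# (The 1.0.2 beta builds that were also affected are out of scope here.)
HEARTBLEED_BRANCH = (1, 0, 1)
HEARTBLEED_FIXED_LETTER = "g"


def parse_openssl_version(version):
    """Split e.g. '1.0.1f' into ((1, 0, 1), 'f'); the letter may be empty."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def heartbleed_exposed(version):
    """True when the build sits in the affected 1.0.1 .. 1.0.1f range."""
    base, letter = parse_openssl_version(version)
    # An empty letter ('1.0.1' with no patch letter) sorts before 'g' and is affected.
    return base == HEARTBLEED_BRANCH and letter < HEARTBLEED_FIXED_LETTER


def export_grade(cipher):
    """FREAK depends on export-grade RSA suites being enabled.
    OpenSSL names them 'EXP-...'; IANA names contain '_EXPORT_'."""
    return cipher.startswith("EXP-") or "_EXPORT_" in cipher


def audit(server):
    """Return the list of findings for one server description (a dict)."""
    findings = []
    if heartbleed_exposed(server["openssl_version"]):
        findings.append("HEARTBLEED")
    if any(export_grade(c) for c in server["ciphers"]):
        findings.append("FREAK")
    # POODLE needs SSLv3 to be negotiable at all; disabling it closes the issue.
    if "SSLv3" in server["protocols"]:
        findings.append("POODLE")
    return findings


# Constructed inventory for the example; none of these are real hosts.
SAMPLE_SERVERS = [
    {"name": "legacy-portal", "openssl_version": "1.0.1f",
     "protocols": ["SSLv3", "TLSv1"],
     "ciphers": ["EXP-RC4-MD5", "AES128-SHA"]},
    {"name": "patched-api", "openssl_version": "1.0.1g",
     "protocols": ["TLSv1.2"],
     "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256"]},
    {"name": "old-lb", "openssl_version": "1.0.0",
     "protocols": ["SSLv3", "TLSv1.2"],
     "ciphers": ["AES256-SHA"]},
]


def summarize(servers=SAMPLE_SERVERS):
    """Map each server name to its findings (empty list means clean)."""
    return {s["name"]: audit(s) for s in servers}


if __name__ == "__main__":
    for name, findings in summarize().items():
        print(f"{name}: {', '.join(findings) or 'no findings'}")
```

In practice the inventory would come from a configuration management database or from the output of a TLS scanner run against one's own hosts; the point of keeping the rules in plain functions is that each one maps to a concrete remediation (upgrade the library, drop export suites, disable SSLv3) that a risk manager can track per vendor-facing service.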
Another possible cyber threat BitSight assessed in its report was peer-to-peer file sharing on corporate networks. While file sharing may not always be risky, it could still pose harm if the files shared contain malware without employees knowing. Nearly half of companies in Brazil (46.8%) experienced some file sharing event between May 2015 and May 2016, as did 36.4% of companies in China. Germany had the lowest rate of peer-to-peer file sharing, which may be due to strict laws around file sharing in the country, the report said.
China scored the lowest for email security protocols. Brazil also ranked low for email security, as did Germany.
According to BitSight, companies need to understand how their vendors around the globe are protecting data to properly assess and manage the level of risk the business relationship poses.
“Sharing sensitive data with global partners and vendors is important for conducting business efficiently but risk managers and security professionals should be aware of potential cyber risks that may arise across borders,” the report said.