When you think of peer-to-peer file sharing you probably bring to mind services like Kazaa and Limewire that were among the early sites allowing users to share media, or of more recent operations like Pirate Bay.
But while it's easy to think of P2P in terms of individuals downloading music or movies, a new report from security rating company BitSight reveals that it’s a problem for businesses too.
BitSight looked at 30,700 organisations and observed file sharing activity in 23 per cent of companies using the BitTorrent protocol. Much of this activity is likely against corporate policies - although there are no published metrics on what percentage of companies prohibit P2P file sharing, many companies do have explicit rules against it.
Among the findings are that 43 per cent of application files and 39 per cent of games files shared contained malicious software. Grand Theft Auto V and Adobe Photoshop lead the respective lists of top torrented games and applications, the top five in each category being:
Top Torrented Games:
1. Grand Theft Auto V
2. The Sims 4
3. Mortal Kombat X
4. FIFA 15
5. The Witcher 3
Top Torrented Applications:
1. Adobe Photoshop
2. Microsoft Office
3. Microsoft Windows 8.1
4. Microsoft Windows 7
5. Microsoft Windows 10
The report also finds that there's a correlation between botnet activity and file sharing activity. And it reveals that more than a quarter of companies in the government, energy/utilities, and education industries have observed BitTorrent file sharing activity in the last six months.
"While the sharing and downloading of copyrighted or pirated content and applications over peer-to-peer typically violates most corporate policies, the behaviour continues to occur at a high rate. Movies and games often come to mind when organisations think about P2P file sharing; however, the majority of infected applications that we uncovered were either Adobe Photoshop, Microsoft Office or various verssions of the Microsoft Windows operating system," says Stephen Boyer, co-founder and CTO of BitSight Technologies. "Our analysis found a high degree of correlation between organisations participating in P2P activity and system compromises via malware infections. The high malware infection rates suggest that organisations with file sharing activity are more susceptible to machine takeover.
"File sharing activity can serve as one of many key risk indicators and should be considered not only internally, but also when assessing vendor risk, conducting M&A due diligence, and underwriting cyber insurance".
You can get more detail in a full copy of the report from the BitSight website.