Mumbai: Data breaches in 2020 exposed over 22 billion records, according to a data breach analysis from Tenable, a cyber exposure company.
Data breaches in 2020
About 730 publicly disclosed events occurred between January and October 2020. These resulted in the exposure of over 22 billion records globally, according to Tenable’s Security Response Team (SRT) analysis.
Among all the data breaches, ransomware attacks were linked to 35% of breaches, causing financial losses, and email was compromised in 14% of breaches.
One of the overarching themes of the threat landscape in 2020 was that threat actors relied on unpatched vulnerabilities and on chaining multiple vulnerabilities together in their attacks.
Tenable’s 2020 Threat Landscape Retrospective (TLR) report provides an overview of the key vulnerabilities disclosed or exploited in the 12 months ending December 31, 2020.
As organisations globally prepare to face the new cybersecurity challenges looming in 2021, it’s crucial to pause and take a look back at the most critical vulnerabilities and risks from the past year.
An understanding of the enterprise systems affected by the year’s vulnerabilities can help organisations learn which flaws trigger the greatest risk.
From 2015 to 2020, the number of reported common vulnerabilities and exposures (CVEs) increased at an average annual percentage growth rate of 36.6%.
From 2019 to 2020, the number of CVEs reported increased by 6%, from 17,305 CVEs in 2019 to 18,358 CVEs in 2020. That is a 183% increase over the 6,487 disclosed in 2015.
Prioritizing which vulnerabilities warrant attention is more challenging than ever. Two notable trends from the report are:
Many virtual private network (VPN) solutions come with pre-existing vulnerabilities. Although such vulnerabilities were disclosed in 2019 or earlier, cybercriminals still exploit them.
Web browsers like Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge are the primary targets for zero-day vulnerabilities, accounting for over 35% of all zero-day vulnerabilities exploited in the wild.
Fixing unpatched vulnerabilities, implementing strong security controls for remote desktop protocol, ensuring endpoint security is up-to-date and regularly performing security awareness training are steps organisations can take to thwart some of these attacks.
“The 18,358 vulnerabilities disclosed in 2020 alone reflects a new normal and a clear sign that the job of a cyber defender is only getting more difficult as they navigate the ever-expanding attack surface,” said Satnam Narang, Staff Research Engineer – Tenable.
A complex threat landscape, highly motivated threat actors and readily available exploit code translate into serious cyberattacks as reflected in this report.
Interestingly, many of the tactics bad actors used weren’t sophisticated or didn’t require flexing too many mental muscles. So it is more important than ever to patch vulnerabilities in a timely manner, explained Narang.
“Pausing for a retrospective provides cybersecurity professionals with an important opportunity to identify gaps and refine strategies to make their organisations more secure,” added Narang.
“In 2021, it’s essential that we have the tools, awareness and intelligence to effectively reduce risk and eliminate blind spots. It’s only through looking at where we’ve come from that we can effectively plan for what lies ahead,” he concluded.