Over 22 bn records exposed in data breaches last year

Analysis of breach data by Tenable’s Security Response Team (SRT) has revealed that, from January through October 2020, there were 730 publicly disclosed events resulting in over 22 billion records exposed worldwide.
Thirty-five per cent of breaches were linked to ransomware attacks, resulting in tremendous financial cost, while 14 per cent of breaches were the result of email compromises.
One of the overarching themes of the threat landscape in 2020 was that threat actors relied on unpatched vulnerabilities in their attacks as well as chaining together multiple vulnerabilities as part of their attacks.
This analysis has been published in Tenable’s 2020 Threat Landscape Retrospective (TLR) report which provides an overview of the key vulnerabilities disclosed or exploited in the 12 months ending December 31, 2020.
As organisations around the world prepare to face the new cybersecurity challenges looming in 2021, it’s crucial to pause and take a look back at the most critical vulnerabilities and risks from the past year.
Understanding which enterprise systems are affected by the year’s vulnerabilities can help organisations understand which flaws represent the greatest risk.
From 2015 to 2020, the number of reported common vulnerabilities and exposures (CVEs) increased at an average annual percentage growth rate of 36.6 per cent.
In 2020, 18,358 CVEs were reported, representing a 6 per cent increase over the 17,305 reported in 2019, and a 183 per cent increase over the 6,487 disclosed in 2015.
Prioritising which vulnerabilities warrants attention is more challenging than ever. Two notable trends from the report are:
Pre-existing vulnerabilities in virtual private network (VPN) solutions — many of which were initially disclosed in 2019 or earlier — continue to remain a favourite target for cybercriminals and nation-state groups.
Web browsers like Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge are the primary target for zero-day vulnerabilities, accounting for over 35 per cent of all zero-day vulnerabilities exploited in the wild.
Fixing unpatched vulnerabilities, implementing strong security controls for remote desktop protocol, ensuring endpoint security is up-to-date and regularly performing security awareness training are steps organisations can take to thwart some of these attacks.