More than 40 billion records exposed worldwide in 2021: report
More than 40 billion records were exposed worldwide as a result of data breaches in 2021, according to research by Cyber Exposure company Tenable.
According to the research, at least 40,417,167,937 records were exposed globally in 2021, as calculated by Tenable’s Security Response Team from its analysis of 1,825 data breach incidents publicly disclosed between November 2020 and October 2021.
This is a significant increase (nearly 78%) over records exposed during the same period in 2020, which saw 730 publicly disclosed events with just over 22 billion records exposed.
This figure could also be significantly higher.
Of the 1,825 breaches analyzed, 236 occurred in APAC, with at least 3,463,489,341 records exposed, representing 8.6% of the global tally.
The analysis was detailed in Tenable’s 2021 Threat Landscape Retrospective (TLR) report and includes an overview of the attack paths and vulnerabilities favored by threat actors, as well as insights that will help organizations prepare to face the challenges ahead in 2022.
“By understanding threat actor behavior, organizations can effectively prioritize security efforts to disrupt attack paths and protect critical systems and assets. Analysis of events for this report revealed that many are easily mitigated by patching legacy vulnerabilities and fixing misconfigurations to help limit attack paths,” Tenable said.
Ransomware had a huge impact on organizations in 2021. It was responsible for approximately 38% of all breaches globally and 31% of breaches in APAC.
In Asia Pacific, 10% of breaches were due to insecure cloud databases, which is higher than the global average (6%).
Additionally, unpatched SSL VPNs continued to provide an ideal entry point for attackers to perform cyber espionage, exfiltrate sensitive and proprietary information, and encrypt networks, according to the report.
“Threat groups, especially ransomware, are increasingly exploiting vulnerabilities and misconfigurations in Active Directory,” he added.
Additionally, ransomware groups have favored physical disruption of the supply chain as a tactic to extort payments, while cyber espionage campaigns have exploited the software supply chain to gain access to sensitive data, according to the research.
While healthcare and education were the most targeted industries globally, the tech industry and governments were APAC’s top targets for breaches.
“Throughout 2021, CERT-In published advisories on how unpatched vulnerabilities in Microsoft Active Directory and web browsers were leading causes of cyberattacks such as ransomware among Indian organizations. Tenable’s research correlates with these trends, as ransomware groups in APAC have exploited known, unpatched vulnerabilities to carry out attacks. The report provides security leaders in India with insight into why outdated cybersecurity strategies need to change with the evolving threat landscape,” said Satnam Narang, Research Engineer at Tenable.
“In 2022, the increased reliance on digital systems combined with the use of digital currencies will financially motivate attackers to ply their trade. It is important for security managers to understand how threat actors performed in 2021, so that they can formulate effective and proactive cybersecurity strategies in 2022 to raise the barrier of entry,” Narang added.
Staying on top of patches is hard enough given the sheer volume of disclosed vulnerabilities, but in 2021 it was even harder due to incomplete patches, poor vendor communications, and patch bypasses. In 2021, 21,957 common vulnerabilities and exposures (CVEs) were reported, representing a 19.6% increase from the 18,358 reported in 2020 and a 241% increase from the 6,447 disclosed in 2016. From 2016 to 2021, the number of CVEs increased at an average annual percentage growth rate of 28.3%.
January 23, 2022