Cybercriminals often exploit leaked/stolen sensitive user information to perform various cyberattacks, including phishing and identity theft. The rising information leaks on dark web forums show that no one is immune to data breach incidents. According to Tenable’s 2021 Threat Landscape Report, over 40 billion records were exposed worldwide in 2021.
Tenable’s Security Response Team analyzed 1,825 data breach incidents disclosed between November 2020 and October 2021. Some 21,957 common vulnerabilities and exposures were reported in 2021, representing a 19.6% increase over the 18,358 reported in 2020.
Other key findings from the report:
- Ransomware had a monumental impact on organizations in 2021, responsible for approximately 38% of all breaches.
- 6% of data breaches were the result of unsecured cloud databases.
- Unpatched SSL VPNs continue to provide an ideal entry point for attackers to perform cyberespionage, exfiltrate sensitive and proprietary information, and encrypt networks.
- Threat groups, particularly ransomware, have increasingly exploited vulnerabilities and misconfigurations in Active Directory.
- When security controls and code audits are not in place, software libraries and network stacks commonly used amongst OT devices often introduce additional risks.
- Ransomware groups favored physical supply chain disruption as a tactic to extort payment, while cyberespionage campaigns exploited the software supply chain to access sensitive data.
- Health care and education experienced the most significant disruption from data breaches.
“Migration to cloud platforms, reliance on managed service providers, software, and infrastructure as a service have all changed how organizations must think about and secure the perimeter. Modern security leaders and practitioners must think more holistically about the attack paths within their networks and how they can efficiently disrupt them. By examining threat actor behavior, we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy,” said Claire Tills, Senior Research Engineer, Tenable.
Learn more about Yeo & Yeo Technology’s customized cybersecurity solutions.