According to Tenable, the Cyber Exposure firm, at least 40,417,167,937* records were exposed globally in 2021, as determined by Tenable’s Security Response Team’s study of 1,825 publicly announced breach data incidents between November 2020 and October 2021. This is up from 730 publicly announced occurrences with just over 22 billion data exposed over the same time period in 2020. This research is outlined in Tenable’s 2021 Threat Landscape Retrospective (TLR) report, which contains a summary of the attack path and vulnerabilities that threat actors prefer, as well as insights that will help enterprises prepare for the challenges ahead in 2022.
Organizations can efficiently prioritise security operations to disrupt attack vectors and protect important systems and assets by studying threat actor behaviour. Many of the events investigated for this research can be easily mitigated by patching legacy vulnerabilities and fixing misconfigurations, which can help limit attack routes.
“Migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service have all changed how organizations must think about and secure the perimeter,” explains Claire Tills, Senior Research Engineer, Tenable.
She added,“Modern security leaders and practitioners must think more holistically about the attack paths that exist within their networks and how they can efficiently disrupt them. By examining threat actor behavior we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy. ”
Patching assets is difficult enough given the sheer frequency of vulnerabilities revealed, but in 2021 it became much more harder due to partial patches, vendor miscommunications, and patch bypasses. There were 21,957 common vulnerabilities and exposures (CVEs) reported in 2021, up 19.6% from 18,358 in 2020 and 241% more than the 6,447 declared in 2016. The number of CVEs increased at an average yearly percentage growth rate of 28.3 percent from 2016 to 2021.
Tenable’s Security Response Team monitors and reports on vulnerabilities and security incidents throughout the year, advising security professionals on how to plan their response methods. The team’s work allows them to keep a close eye on the threat’s ever-changing dynamics.