According to research by Tenable, at least 40 billion records were exposed worldwide in 2021, a considerable increase on the same period in 2020, which saw 730 publicly disclosed events with just over 22 billion records exposed. The analysis is detailed in Tenable’s 2021 Threat Landscape Retrospective report, which includes an overview of the attack path and vulnerabilities threat actors favour, plus insights that will help organisations prepare to face the oncoming challenges in 2022.
Ransomware had a monumental impact on organisations in 2021 and was responsible for approximately 38% of all breaches, while 6% of breaches were the result of unsecured cloud databases.
“Migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service have all changed how organisations must think about and secure the perimeter,” said Claire Tills, Senior Research Engineer at Tenable. “Modern security leaders and practitioners must think more holistically about the attack paths that exist within their networks and how they can efficiently disrupt them. By examining threat actor behaviour we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy.”
Staying on top of patching assets is difficult enough given the sheer volume of disclosed vulnerabilities, but in 2021 it was even more challenging due to incomplete patches, miscommunications from vendors and patch bypasses. In 2021, there were 21,957 common vulnerabilities and exposures (CVEs) reported, representing a 19.6% increase over the 18,358 reported in 2020 and a 241% increase over the 6,447 disclosed in 2016. From 2016 to 2021 the number of CVEs increased at an average annual percentage growth rate of 28.3%.