An analysis of breach data by cybersecurity firm Tenable’s Security Response Team (SRT) has revealed that over 22 billion records were exposed worldwide as a result of 730 publicly disclosed security events from January through October 2020.
According to Tenable’s 2020 Threat Landscape Retrospective (TLR) report, 35 per cent of breaches analysed by Tenable were linked to ransomware attacks. These breaches have resulted in a “tremendous financial cost.”
Fourteen per cent of these breaches were the result of email compromises.
Also read: Quick Heal invests $2 m into Israeli startup
“One of the overarching themes of the threat landscape in 2020 was that threat actors relied on unpatched vulnerabilities in their attacks as well as chaining together multiple vulnerabilities as part of their attacks,” Tenable said.
The number of reported common vulnerabilities and exposures ( CVEs ) has increased by 6 per cent in 2020, compared to 2019, amounting to 18,358. As per the report, prioritising the vulnerabilities that require the most attention is more challenging than ever.
The report further found that pre-existing vulnerabilities in virtual private network (VPN) solutions are among the top targets for cybercriminals and nation-state groups.
Apart from this, cybercriminals are also increasingly targeting web browsers like Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge. Zero-day vulnerabilities targeting web browsers accounted for over 35 per cent of all zero-day vulnerabilities exploited.
Satnam Narang, Staff Research Engineer at Tenable, said, “A complex threat landscape, highly motivated threat actors and readily available exploit code translate into serious cyber attacks as reflected in this report. Many of the tactics used by bad actors are not sophisticated or didn’t require flexing too many mental muscles, making it more important than ever to patch vulnerabilities in a timely manner.”
Also read: ‘Organisations can take at least 93 days to realise hacking has taken place’
“To adapt in a digital and distributed world, every industry sector and business model is reliant on technology. Hence, pausing for a retrospective provides cybersecurity professionals with an important opportunity to identify gaps and refine strategies to make their organisations more secure. In 2021, it’s essential that we have the tools, awareness and intelligence to effectively reduce risk and eliminate blind spots. It’s only through looking at where we’ve come from that we can effectively plan for what lies ahead,” he added.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.