A Report Reveals Worldwide Exposure Of Total 22 Billion Records In All Data Breaches of 2020
The latest report released on Friday reveals that more than 22 billion records have been compromised all around the globe in a total of 730 data breaches that were disclosed in 2020. These data breaches took place from January and through October in 2020. Out of the 730 data breaches, according to Tenable’s Security Response Team, fourteen percent of the attacks were the forthcoming of breached emails and another thirty-five percent of the attacks are considered to be the ransomware attacks that led to huge loss of finances. Most of the bad actors behind the attacks and breaches in 2020 mostly depended on the vulnerabilities or bugs that weren’t fixed and also by using several vulnerabilities all at once.
Satnam Narang, a staff research engineer at Tenable, said in the report that “Each day, cybersecurity professionals around the world face a fresh stream of vulnerabilities that could place their organizations at risk. The scale and scope of the challenge is staggering — particularly in light of the ever-expanding attack surface of IT, operational technology (OT), and internet of things (IoT) devices — and the rush to prioritize and remediate the next new threat leaves little time for reflection. Remediation needs to be handled with a risk-based approach, with a clear understanding of the impact patching will have on business operations, before deploying to a live environment. This is no small task for an organization of any size and can be especially difficult for those with large and diverse environments.”
Satnam Narang also explains that “From 2015 to 2020, the number of reported CVEs increased at an average annual percentage growth rate of 36.6%. The 18,358 CVEs reported in 2020 represent a 6% increase over the 17,305 reported in 2019 and a 183% increase over the 6,487 disclosed in 2015. The fact that for the last three years we have seen over 16,000 CVEs reported annually reflects a new normal for vulnerability disclosure. For the average security professional, prioritizing which of these vulnerabilities warrants your attention is more challenging than ever, and not all vulnerabilities are created equal.”
The report further explains that every serious significant vulnerability or bug does not have a name and logo and all the vulnerabilities and bugs with name and logo should not be considered serious and significant. All other factors should be considered to analyze the criticality of any vulnerability or bug, like the ease of exploitation and exploited code, etc.
Thirty-five percent of the total zero-day vulnerabilities that were exploited include web browsers as their favorite or main target. The targeted web browsers include Internet Explorer, Google Chrome, Mozilla Firefox, and Microsoft Edge. Web browsers act as the gateways and securing your business browsers can secure your entire network and avoid attacks/breaches.
Cybersecurity researchers believe “Pre-existing vulnerabilities in virtual private network (VPN) solutions — many of which were initially disclosed in 2019 or earlier — continue to remain a favorite target for cybercriminals and nation-state groups. Organizations that have yet to prioritize patching these flaws are at extreme risk of being breached. Add in the dramatic workforce changes necessitated by the COVID-19 pandemic and it’s clear that securing your VPN solutions is more critical than ever.”
The report consists of other subheadings that cover topics like You Can’t Judge a Book by the Cover, Remote Workforce Raises New Levels of Concern, Everything Old Is New Again, For Ransomware, Extortion Is the Key, and many other topics. Researchers also suggested that “Yet, as we prepare to face the new cybersecurity challenges looming in 2021, we believe taking the time for a look back can provide valuable lessons and important context to help cybersecurity professionals identify gaps in their practices and refine their strategies with an eye toward improving their risk-based approach to vulnerability management.”