Over 40 billion records were exposed globally in 2021

Tenable, the cyber exposure company revealed that approximately 40 billion data were exposed worldwide in 2021.The company’s security response team examined 1,825 breach data incidents publicly disclosed between November 2020 and October 2021.

This analysis is detailed in the company’s 2021 Threat Landscape Retrospective (TLR) report, that includes an overview of the attack path and vulnerabilities threat actors favour, plus insights that will help organisations prepare to face the oncoming challenges in 2022.

In 2021, there were 21,957 common vulnerabilities and exposures reported, a 19.6 per cent increase over the 18,358 reported in 2020 and a 241 percent increase over the 6,447 disclosed in 2016. Vulnerabilities grew at a 28.3 per cent annual percentage growth rate from 2016 to 2021.

“Modern security leaders and practitioners must think more holistically about the attack paths that exist within their networks and how they can efficiently disrupt them.” – @ClaireTills

Download our TLR today to protect your organization:https://t.co/REjFTcfAt8

— Tenable (@TenableSecurity) January 25, 2022

By understanding threat actor behaviour, organisations can effectively prioritise security efforts to disrupt attack paths and protect critical systems and assets. Analysis of the events for this report found that many are readily mitigated by patching legacy vulnerabilities and addressing misconfigurations to help limit attack paths.

While ransomware had a monumental impact on organisations in 2021, responsible for approximately 38 per cent of all breaches, six per cent of breaches were the result of unsecured cloud databases.

Meanwhile, software libraries and network stacks used commonly amongst OT devices often introduced additional risk when security controls and code audits were not in place.

Also, the healthcare and education experienced the greatest disruption from data breaches, the report stated.

“Migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service have all changed how organizations must think about and secure the perimeter,” explained Claire Tills, senior research engineer, Tenable. “Modern security leaders and practitioners must think more holistically about the attack paths that exist within their networks and how they can efficiently disrupt them. By examining threat actor behaviour, we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy.”

Read: Here’s how businesses can navigate the cyberthreat landscape