4

Billions of records exposed by security breaches in 2020, says Tenable

 3 years ago
source link: https://www.itwire.com/security/billions-of-record-exposed-by-security-breaches-in-2020,-says-tenable.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Friday, 15 January 2021 10:40

Billions of records exposed by security breaches in 2020, says Tenable

By Peter Dinham

Thirty-five percent of security breaches in 2020 were caused by ransomware attacks, resulting in tremendous financial cost, while between January and October last year, 730 "publicly disclosed events" resulted in over 22 billion records being exposed, according to a report from security vendor Tenable.

According to Tenable, 14.4% of security breaches in 2020 were the result of email compromises and 18,358 new Common Vulnerabilities and Exposures (CVEs) were reported in 2020 - representing a 6% increase from 2019 and a 183% increase from 2015. And from 2015 to 2020, the number of reported CVEs increased at an annual percentage growth rate of 36.6%.

Tenable’s 2020 Threat Landscape Retrospective also found that:

  • Over 35% of all zero-day flaws exploited were browser vulnerabilities in Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge.
  • In 2020, 18 ransomware groups were operating leak websites that name and shame victims to secure ransom demands.  

Tenable also lists key takeaways of its report as:

  • Headline vulnerabilities shouldn’t always be the main focus. Not every critical vulnerability had a name and logo given to it and conversely not every vulnerability with a name and logo should be seen as critical.
  • Remote working still raises concerns. The array of new solutions organisations implemented in 2020 to support remote working and distance learning raise concerns that can only be addressed through diligent patching and implementing the right security controls.
  • Unpatched vulnerabilities in VPNs are still gold for cyber attackers. Pre-existing vulnerabilities in VPN solutions continue to be a favourite target for cybercriminals and nation-state groups.

And according to the Tenable report, the top 5 vulnerabilities of 2020 were:

  1. Zerologon (CVE-2020-14720)
  2. Citrix ADC/Gateway/SDWAN WAN-OP (CVE-2019-19871)
  3. Pulse Connect Secure SSL VPN (CVE-2019-11510)
  4. Fortinet Fortigate SSL VPN (CVE-2018-13379)
  5. F5 BIG-IP (CVE-2020-5902)  

“Every day, cybersecurity professionals in Australia and the rest of the world are faced with new challenges and vulnerabilities that can put their organisations at risk,” says Satnam Narang, Staff Research Engineer at Tenable. 

“The 18,358 vulnerabilities disclosed in 2020 alone reflects a new normal and a clear sign that the job of a cyber defender is only getting more difficult as they navigate the ever-expanding attack surface. 

“A complex threat landscape, highly motivated threat actors and readily available exploit code translate into serious cyber attacks as reflected in this report. Many of the tactics used by bad actors are not sophisticated or didn’t require flexing too many mental muscles - making it more important than ever to patch vulnerabilities in a timely manner."

Narang says that to adapt in a digital and distributed world, “every industry sector and business model is reliant on technology. Hence, pausing for a retrospective provides cybersecurity professionals with an important opportunity to identify gaps and refine strategies to make their organisations more secure”.

“In 2021, it’s essential that we have the tools, awareness and intelligence to effectively reduce risk and eliminate blind spots. It’s only through looking at where we’ve come from that we can effectively plan for what lies ahead.”

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK