It won’t have escaped the notice of people watching and reading the news about cyber breaches that such incidents have become more frequent as the potential bounties for those launching attacks increased. But just how frequent – and how costly – those attacks and breaches are is rarely considered on a grand scale. Until now.
Cyber exposure company Tenable has audited the scale and scope of data breaches and exposures throughout the course of 2021. And their findings give an indication of how enormous the danger is. At least 40,417,167,937 records were exposed worldwide in 2021, as calculated by Tenable’s Security Response Team’s analysis of 1,825 breach data incidents publicly disclosed between November 2020 and October 2021.
The number is a considerable increase on the same period in 2020, which saw 730 publicly disclosed events with just over 22 billion records exposed, says Tenable. It’s a remarkable indication of how large the threat is from cyber intrusion – and a reminder that behind every data record exposed, there’s an individual who could be put at risk of fraud.
An unprecedented scale
While the analysis of the data is by its very nature not fully transparent because the volume and type of data exposed aren’t always clear, there are some indications of the scale of the problem. Over 260 terabytes were stolen as a result of the data breaches. When it comes to calculating the number of files, documents, or emails breached, the number is over 1.8 billion files.
Delving deeper into the data, Tenable managed to look at how many times data breaches were linked to a specific root cause. Approximately 38% of all breaches analyzed were the result of a ransomware attack, up from 35% in 2020.
“Dozens of groups, like REvil, Conti, DarkSide, and more, dominated the headlines and continued to wreak havoc across a wide range of industries,” says Tenable. A quarter of the data breaches in 2021 had an unknown root cause, up slightly from 2020.
In 2021, there were 21,957 new CVEs assigned from January to November, a 20% increase over 2020, according to Tenable. There were also 105 zero-day vulnerabilities disclosed, a 262% increase over the 29 zero-days in 2020. Tenable also tracked data breaches: 1,825 occurred in the 12 months from October 2020 to October 2021. These metrics all represent upticks from 2020’s data, the company claims.
How to fix things
With such high risks involved, it can be difficult to steer clear of any danger while online. But there are some things that businesses can do to try and stop the risks of their information being breached and appearing online in an illicit marketplace.
“Migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service have all changed how organizations must think about and secure the perimeter,” explains Claire Tills, senior research engineer at Tenable.
Tills’s advice for businesses is clear: “Modern security leaders and practitioners must think more holistically about the attack paths that exist within their networks and how they can efficiently disrupt them. By examining threat actor behavior, we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy.”