New research by exposure management company Tenable revealed 2.29 billion records were exposed worldwide in 2022, as calculated by Tenable’s Security Response Team in its analysis of 1,335 data breach incidents publicly disclosed between November 2021 and October 2022.
The Tenable 2022 Threat Landscape Report analyses and categorises important vulnerability data and examines attacker behaviour. Its aim is to help organisations inform their security programs and prioritise security efforts, focusing on the areas of greatest risk and disrupting attack paths, and ultimately reducing their systems’ exposure to cyber incidents.
What were the findings of Tenable’s research?
Of the 1,335 breaches analysed globally, 143 breaches occurred in APAC, resulting in 1,561,990,339 exposed records and representing 68% of the global tally. In comparison, firms in the West, the Middle East and Africa accounted for a combined 31% of records exposed.
Also, the report revealed that ransomware remained the most common root cause in 2022, causing approximately 35% of all breaches, and 29% in APAC. Additionally, 9% of breaches in this region were the result of phishing and email compromise, on par with the global average.
Furthermore, the research found that cloud misconfigurations affect even the most mature organisations. Both Microsoft and Amazon experienced breaches of sensitive information due to misconfigurations in their cloud environments. In APAC, almost 8% of all data breaches in 2022 were caused by unsecured databases, higher than the global average of 3%.
Whilst healthcare and public administration remain the most-targeted industries worldwide, APAC shows a different picture, with organisations categorised under the ‘Arts, Entertainment and Recreation’ industry and Retail being the two largest victims of breaches. Supply chain vulnerabilities continue to haunt firms still reeling from the Log4Shell vulnerability, exposed late in 2021, with more disclosed risks in common libraries and dependencies.
What does this mean for organisations?
Perhaps most alarming for organisations is that known vulnerabilities, in some instances dating back to 2017, were still being used by attackers. The report findings show that cyber threat actors continue to find success with known and proven exploitable vulnerabilities that organisations have failed to patch or remediate successfully. The organisations that failed to implement vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022.
The top exploited vulnerabilities within this group include several high-severity flaws in Microsoft Exchange and virtual private network solutions from Fortinet, Citrix and Pulse Secure. For the other four most commonly exploited vulnerabilities – including Log4Shell; Follina; an Atlassian Confluence Server and Data Center flaw; and ProxyShell – the patches and effective mitigations were highly publicised and readily available for implementation.
To further show that known vulnerabilities are the biggest problem, CVE-2021-21974 was recently in the news when a two-year-old vulnerability in VMware’s ESXi servers was exploited by hackers. Tenable telemetry found that (among those who scanned for the vulnerability in February 2023) as of February 13, only 34% of firms had fixed this specific threat before wide reporting of the attacks. Once it got enough attention, remediation jumped to 87%.
What are Tenable’s thoughts on the report results?
Satnam Narang, Senior Staff Research Engineer at Tenable, explained, “The 2021-2022 Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report highlighted ransomware and the exploitation of publicly reported software vulnerabilities as the two most condemnable root causes of cyber incidents and data breaches among Australian organisations.”
“Our findings show a similar trend, in that most data breaches in APAC stem from the same origins, as seen in the most recent string of high-profile data breaches which compromised the private data of millions of Australians. The constant evolution of the modern digital environment introduces new challenges for security practitioners,” continued Narang.
“Successful security programs must take a comprehensive approach and understand where their most sensitive data and systems lie and what vulnerabilities or misconfigurations pose the greatest risk. Given the brisk rate of cloud migration, preventing attacks requires full visibility into all assets and exposures, extensive context into potential security threats, and clear metrics to objectively measure and analyse the potential cyber risk,” he concluded.