Data breaches expose over 40 billion records in 2021

New figures released today from cyber exposure company Tenable show that over 40 billion records were exposed in data breach incidents last year, a whopping 78 percent increase over the previous year.

The company's 2021 Threat Landscape Retrospective report is based on analysis of 1,825 incidents publicly disclosed between November 2020 and October 2021. Since many reports didn't include details of the number of records breached the true figure is likely to be far higher.

The report finds ransomware was responsible for approximately 38 percent of all breaches and that six percent of breaches were the result of unsecured cloud databases.

Threat groups, particularly those delivering ransomware, have increasingly exploited vulnerabilities and misconfigurations in Active Directory. Ransomware groups have also favored physical supply chain disruption as a tactic to extort payment, while cyberespionage campaigns exploited the software supply chain to access sensitive data.

Software libraries and network stacks, used commonly amongst operational technology devices, often introduce additional risk when security controls and code audits are not in place.

"Migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service have all changed how organizations must think about and secure the perimeter," says Claire Tills, senior research engineer at Tenable. "Modern security leaders and practitioners must think more holistically about the attack paths that exist within their networks and how they can efficiently disrupt them. By examining threat actor behavior we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy."

Staying on top of patching software is difficult anyway given the sheer volume of disclosed vulnerabilities, but in 2021 it was made even more challenging due to incomplete patches, miscommunications from vendors and patch bypasses. In 2021, there were 21,957 common vulnerabilities and exposures (CVEs) reported, this represents a 19.6 percent increase over the 18,358 reported in 2020 and a 241 percent increase over the 6,447 disclosed in 2016.

The full report is available from the Tenable site and there'll be a webinar to discuss the findings and offer guidance for security teams on February 1st.

Image credit: Den Rise / Shutterstock