Tenable, an exposure management company, has said that about 2.29 billion records were exposed worldwide in 2022.

This shows a marked decrease compared to 2021, where 40 billion records were exposed. This was matched by a comparable decline in the number of files exposed in 2022 at 389 million against 1.8 billion in the previous year.

Despite the steep decline in records and files exposed, the total volume of data exposed as part of breach events in 2022 remained flat at 257 Terabytes, compared with 260 Terabytes in 2021.

Also read: Cyber security firm CyberArk opens R&D centre in Hyderabad

Releasing the Tenable 2022 Threat Landscape Report, Tenable’s Security Response Team said it analysed 1,335 data breach incidents publicly disclosed between November 2021 and October 2022.

“Of the 1,335 breaches, as many as 143 breaches were reported in Asia Pacific and Japan, constituting 68 per cent of the total records exposed globally,” it said.

“Threat actors continue to find success with known and proven exploitable vulnerabilities that organisations have failed to patch or remediate successfully,” said Satnam Narang, senior staff research engineer at Tenable. 

He said the company issued a similar warning in 2020 and in 2021.

“Unpatched vulnerabilities provide attackers with the most cost-effective and straightforward way to gain the initial access into or elevate privileges within organisations,” he said.

What’s surprising is, some vulnerabilities, which date back to 2017, were still being exploited by attackers. The organisations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022. 

The top exploited vulnerabilities within this group include several high-severity flaws in Microsoft Exchange.

Ransomware attacks

In the APAC region, about 29 per cent of the breaches were a result of ransomware attacks. This was followed by attacks that weren’t categorised (28 per cent), phishing/email compromise (9 per cent), unsecured databases (8 per cent) and exploitation of known and existing vulnerabilities (6 per cent).

In India, 33 per cent of the attacks were a result of ransomware, while 17 per cent of cyberattacks were due to unsecured databases. The arts, entertainment, and recreation sectors witnessed the highest number of attacks in APAC at 11 per cent, followed by retail, (10 per cent), public administration (10 per cent) and healthcare (9 per cent) sectors.