https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Risk, Threat, Vulnerability Assessment

Tenable Research: Publicly Known Vulnerabilities Increased in 2020

  • Written by Edward Gately
  • January 14, 2021
Ransomware was by far the most popular attack vector in 2020.

Common vulnerabilities and exposures (CVEs), or publicly known security vulnerabilities, jumped again last year,  according to new Tenable research.

This led to some of the worst-ever cyberattacks.

From 2015-2020, the number of reported CVEs increased by nearly 37% per year. The 18,358 CVEs reported in 2020 represent a 6% increase over the 17,305 reported in 2019 and a 183% increase over the 6,487 disclosed in 2015.

Prioritizing which vulnerabilities warrant your attention is more challenging than ever, and not all vulnerabilities are created equal.

Summer was the high point for CVEs last year, according to Tenable.

Ransomware Gangs Active in 2020

Satnam Narang is staff research engineer at Tenable. He said the three VPN vulnerabilities in Citrix, Pulse Secure and Fortinet were alarming. That’s because they underscores the lack of cyber hygiene in place for many organizations.

And it wasn’t just COVID-19 that made 2020 unique for cybercrime, he said.

Tenable's Satnam Narang

Tenable’s Satnam Narang

“A seed was planted in December 2019 when the Maze ransomware gang launched a leak website, where stolen data were used to name and shame their victims into paying the ransom demand,” Narang said. “In 2020, a total of 18 ransomware gangs launched leak websites of their own, underscoring just how successful this newfound extortion tactic has become.”

Additionally unique was the news of further experimentation by one of these ransomware groups, he said. It not only extorts victims through their leak website, but also launches distributed denial of service (DDoS) attacks against their websites.

“An organization’s website is the primary vehicle for communication,” Narang said. “And during an incident like a breach, it becomes the destination for customers to get up-to-date information. This DDoS attack eliminates that avenue of communication, putting added pressure on the victim to pay the ransom demand.”

Zero-Day Vulnerabilities

Tenable identified 29 net-new zero-day vulnerabilities disclosed in 2020. Of those, more than 35% were browser-related vulnerabilities, while nearly 29% were within operating systems.

From January-October, 730 publicly disclosed events resulted in over 22 billion records exposed.

Among industries, health care led at 25%, followed by education at 13%. Health care breaches alone accounted for nearly 8 million records exposed. Government and technology were also frequent targets

Ransomware was by far the most popular attack vector in 2020.

“One thing that surprised us when analyzing the data around breaches was the fact that nearly a quarter of the breaches we reviewed had no root cause associated with them,” Narang said. “This was an unexpected finding for our team.”

The research highlights just how dynamic and expansive the corporate attack surface is, he said.

The threats organizations faced in 2020 aren’t going to disappear; in fact, they’re likely to get more frequent and damaging.

“Many of these organizations are turning to MSSPs to help understand these threats and, ultimately, thwart them,” Narang said. “This is an opportunity for MSSPs and other security providers to serve as trusted advisers, helping clients secure their increasingly complex environments.”

More Vulnerabilities Expected This Year

Many of the trends observed are likely to remain in place, Narang said.

“We expect 2021 to be another banner year for vulnerability disclosures across the spectrum,” he said. “And unpatched vulnerabilities will continue to pose a problem for organizations as a favorite vector for bad actors.”

If and when organizations move their workforces back to the office, the systems and infrastructure spun up to support the remote workforce will be targeted if they’re not adequately dismantled or kept up to date, Narang said.

“Ransomware continues to remain the most serious threat to businesses, as cybercriminals’ extortion tactics have proven to be a lucrative endeavor,” he said. “Breaches will remain a problem for many organizations, as we expect to see more attacks linked to third parties and supply chains.”

Tags: MSPs Channel Research Cloud and Edge Endpoint MSSP Insider

Related


  • SMB cybersecurity
    SMBs’ Cybersecurity Risk Awareness Is Rising
    The majority of SMBs would switch MSPs for the right cybersecurity support.
  • Business hands together, diversity
    Survey: A Closer Look at Diversity in the Channel Community in 2021
    The survey is designed to gain a deeper understanding of our channel community, amplifying diversity and inclusion.
  • Cybersecurity Roundup
    Democrats to Take Charge of Federal Cybersecurity in Election Aftermath
    Democrats will have their hands full when dealing with federal cybersecurity.
  • DC Capitol Riot
    US Capitol Rioters Pose Cybersecurity Threat Due to Device Access, Theft
    It's not yet known what all the rioters got their hands on or saw.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Daunting Year Ahead: 12 Cybersecurity Predictions for 2021
  • High Stress, Demand for Security Services Among MSP Pain Points
  • How FortiSOAR Can Help MSSPs Provide Differentiated Service Portfolios
  • Barracuda Researchers Say Hackers Know Their Targets, Getting Smarter

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Cloud-Based CRM: What SMBs Need to Know about Backup and Recovery

January 19, 2021

Cybersecurity: What to Expect in 2021

January 19, 2021

Webinars

View all

Blueprint for a Scalable MSSP Practice in 2021

January 21, 2021

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

Your Network Perimeter Has Changed

February 18, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

Our latest #Cybersecurity Roundup features @BitSight and @kovrrIns, @Vectra_AI and @AppOmniSecurity,… twitter.com/i/web/status/1…

January 20, 2021
ChannelFutures

.@solarwinds hackers target @Malwarebytes, impacting internal emails. #cybersecurity dlvr.it/RqzkZp https://t.co/aWqLjCCW9y

January 20, 2021
ChannelFutures

.@citrix $2.25 deal to acquire @wrike expands @CitrixPartners network into collaborative work management.… twitter.com/i/web/status/1…

January 20, 2021
ChannelFutures

.@Carbonite Migrate uses real-time replication to move workloads to #cloud with minimal risk and near-zero downtime… twitter.com/i/web/status/1…

January 20, 2021
ChannelFutures

Backup and recovery is essential for #cloud-based CRMs @ConnectWise #SaaS #dataprotection #cloudbackup #databackup… twitter.com/i/web/status/1…

January 19, 2021
ChannelFutures

You an #MSSP looking to avoid a #SolarWinds-type breach? @Asigra, @Barracuda, @CynetSystems give advice. Don’t blam… twitter.com/i/web/status/1…

January 19, 2021
ChannelFutures

What to expect in 2021 @Webroot #cybersecurity #MSP #remoteworkforce #remoteworking #Carbonite… twitter.com/i/web/status/1…

January 19, 2021
ChannelFutures

From #itautomation to #workfromhome, a look at 2021 trends from @BitTitan. dlvr.it/RqwFZg https://t.co/EkCeJVNAPo

January 19, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X