https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Risk, Threat, Vulnerability Assessment

Tenable Research: Publicly Known Vulnerabilities Increased in 2020

  • Written by Edward Gately
  • January 14, 2021
Ransomware was by far the most popular attack vector in 2020.

Common vulnerabilities and exposures (CVEs), or publicly known security vulnerabilities, jumped again last year,  according to new Tenable research.

This led to some of the worst-ever cyberattacks.

From 2015-2020, the number of reported CVEs increased by nearly 37% per year. The 18,358 CVEs reported in 2020 represent a 6% increase over the 17,305 reported in 2019 and a 183% increase over the 6,487 disclosed in 2015.

Prioritizing which vulnerabilities warrant your attention is more challenging than ever, and not all vulnerabilities are created equal.

Summer was the high point for CVEs last year, according to Tenable.

Ransomware Gangs Active in 2020

Satnam Narang is staff research engineer at Tenable. He said the three VPN vulnerabilities in Citrix, Pulse Secure and Fortinet were alarming. That’s because they underscores the lack of cyber hygiene in place for many organizations.

And it wasn’t just COVID-19 that made 2020 unique for cybercrime, he said.

Tenable's Satnam Narang

Tenable’s Satnam Narang

“A seed was planted in December 2019 when the Maze ransomware gang launched a leak website, where stolen data were used to name and shame their victims into paying the ransom demand,” Narang said. “In 2020, a total of 18 ransomware gangs launched leak websites of their own, underscoring just how successful this newfound extortion tactic has become.”

Additionally unique was the news of further experimentation by one of these ransomware groups, he said. It not only extorts victims through their leak website, but also launches distributed denial of service (DDoS) attacks against their websites.

“An organization’s website is the primary vehicle for communication,” Narang said. “And during an incident like a breach, it becomes the destination for customers to get up-to-date information. This DDoS attack eliminates that avenue of communication, putting added pressure on the victim to pay the ransom demand.”

Zero-Day Vulnerabilities

Tenable identified 29 net-new zero-day vulnerabilities disclosed in 2020. Of those, more than 35% were browser-related vulnerabilities, while nearly 29% were within operating systems.

From January-October, 730 publicly disclosed events resulted in over 22 billion records exposed.

Among industries, health care led at 25%, followed by education at 13%. Health care breaches alone accounted for nearly 8 million records exposed. Government and technology were also frequent targets

Ransomware was by far the most popular attack vector in 2020.

“One thing that surprised us when analyzing the data around breaches was the fact that nearly a quarter of the breaches we reviewed had no root cause associated with them,” Narang said. “This was an unexpected finding for our team.”

The research highlights just how dynamic and expansive the corporate attack surface is, he said.

The threats organizations faced in 2020 aren’t going to disappear; in fact, they’re likely to get more frequent and damaging.

“Many of these organizations are turning to MSSPs to help understand these threats and, ultimately, thwart them,” Narang said. “This is an opportunity for MSSPs and other security providers to serve as trusted advisers, helping clients secure their increasingly complex environments.”

More Vulnerabilities Expected This Year

Many of the trends observed are likely to remain in place, Narang said.

“We expect 2021 to be another banner year for vulnerability disclosures across the spectrum,” he said. “And unpatched vulnerabilities will continue to pose a problem for organizations as a favorite vector for bad actors.”

If and when organizations move their workforces back to the office, the systems and infrastructure spun up to support the remote workforce will be targeted if they’re not adequately dismantled or kept up to date, Narang said.

“Ransomware continues to remain the most serious threat to businesses, as cybercriminals’ extortion tactics have proven to be a lucrative endeavor,” he said. “Breaches will remain a problem for many organizations, as we expect to see more attacks linked to third parties and supply chains.”

Tags: MSPs Channel Research Cloud and Edge Endpoint MSSP Insider Security

Most Recent


  • Twenty, 20
    The CF List: 2022's Top 20 CCaaS Providers You Should Know
    AI is a game-changer in CCaaS.
  • Job cuts
    Malwarebytes Layoffs Impact Workers as Part of Strategy Shift
    The layoffs aren't a reaction to market conditions.
  • CPaaS
    Avaya OneCloud, Infobip, Bandwidth Identified as Top CPaaS Providers
    Survey data was collected from end-user reviews.
  • Advantage
    Skyhigh Security Adds Nutanix, Dell Vets to Channel Leadership Team
    Skyhigh Security will share more about its upcoming partner program in early 2023.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Security Vulnerability
    Older Fortinet Vulnerabilities Lead to Attack on Local Government Office
  • Threats
    Cybersecurity and Threat Protection: MSSPs, Get Your Advice Here
  • DevSecOps
    ServiceNow, Microsoft Set to Deliver Broad SecOps Integration
  • Dunce Cap Businessman
    Tired of MSSPs ‘Failing,’ Nuspire Debuts Platform to Combat Cyberattacks

Upcoming Events

View all

MSP Summit

September 13, 2022 - September 16, 2022

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Galleries

View all

As Broadcom Deal Looms, VMware Revamps Partner Connect in a Big Way

August 18, 2022

The CF List: 2022’s Top 20 CCaaS Providers You Should Know

August 18, 2022

Skyhigh Security Adds Nutanix, Dell Vets to Channel Leadership Team

August 18, 2022

Industry Perspectives

View all

How to Take Shared Responsibility for Securing Cloud

August 11, 2022

Seize the Application Modernization Opportunity

August 2, 2022

A Growth Mindset: Your Organization’s Strategic Differentiator

August 1, 2022

Webinars

View all

Outsmarting RaaS: Implementation Strategies To Help Your Clients Before, During, and After a Ransomware Attack

August 23, 2022

Why it is Important to Upgrade Aging Servers and How to use Live Optics to Upgrade Efficiently

August 25, 2022

Executives at Home are Not Alright: An Intro to Digital Executive Protection

September 8, 2022

White Papers

View all

Work Goes Remote – (and Other Top ITOps Trends)

May 25, 2022

The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses

April 19, 2022

How to build a Security Operations Center (on a budget)

April 4, 2022

Channel Futures TV

View all

ThreatLocker Preaches Zero Trust, Addresses Industry Competition

Microsoft Targeting Partners to Sell Teams, Windows 365 to SMBs, More

August 15, 2022

ScienceLogic Debuts New Partner Portal

August 9, 2022

Vonage a ‘Single Communications Stack Provider’ for Partners, Customers

June 27, 2022

Twitter

ChannelFutures

#CoffeeWithCraigandJames features Lynn Tinney of @ZayoGroup and @patrickoborn of @Telarus. dlvr.it/SWsl0t https://t.co/YjWTOIdJwm

August 18, 2022
ChannelFutures

The @TDSYNNEX personnel changes and restructure begs the question: is this the death of communities, or rather an e… twitter.com/i/web/status/1…

August 18, 2022
ChannelFutures

.@Infobip, @bandwidth and @Avaya have earned top spots as #CPaaS providers, according to @SW_Reviews.… twitter.com/i/web/status/1…

August 18, 2022
ChannelFutures

From mentorship to DE&I efforts, channel leaders from @ScienceLogic and @Lenovo speak about women's leadership.… twitter.com/i/web/status/1…

August 18, 2022
ChannelFutures

[email protected] Security adds @nutanix, @DellTech vets to channel leadership team. #cybersecurity dlvr.it/SWsDTq https://t.co/X5z7tCiATx

August 18, 2022
ChannelFutures

.@Malwarebytes layoffs impact 125 workers as part of shift in GTM strategy. #cybersecurity dlvr.it/SWsBl6 https://t.co/8fo2BtnfAr

August 18, 2022
ChannelFutures

Get ready for the inside scoop on @VMware’s changes to @VMware_Partners. #PartnerConnect is getting some big enhanc… twitter.com/i/web/status/1…

August 18, 2022
ChannelFutures

Our latest #CFList highlights top #CCaaS providers, with @Avaya, @Microsoft, @8x8, @Vonage, @Five9, @awscloud,… twitter.com/i/web/status/1…

August 18, 2022

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X