ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

Tenable Research: Known Vulnerabilities Pose Greatest Threat to Organizational Security

By: via GlobeNewswire

COLUMBIA, Md., Feb. 28, 2023 (GLOBE NEWSWIRE) -- Tenable®, the Exposure Management company, today released its annual 2022 Threat Landscape Report, which validates the persistent threat posed by known vulnerabilities – those for which patches have already been made available – as the primary vehicle for cyberattacks. The findings are based on the Tenable Research team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 data breach incidents publicly disclosed between November 2021 and October 2022.

The Tenable Threat Landscape Report categorizes important vulnerability data and analyzes attacker behavior to help organizations inform their security programs and prioritize security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents. Of the events analyzed, more than 2.29 billion records were exposed, which accounted for 257 Terabytes of data. More than 3% of all data breaches identified were caused by unsecured databases, accounting for leaks of over 800 million records.

Threat actors continue to find success with known and proven exploitable vulnerabilities that organizations have failed to patch or remediate successfully. According to the Tenable report, the number one group of most-frequently exploited vulnerabilities represents a large pool of known vulnerabilities, some of which were originally disclosed as far back as 2017. Organizations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022.

The top exploited vulnerabilities within this group include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products and virtual private network solutions from Fortinet, Citrix and Pulse Secure. For the other four most commonly exploited vulnerabilities – including Log4Shell; Follina; an Atlassian Confluence Server and Data Center flaw; and ProxyShell – patches and mitigations were highly publicized and readily available. In fact, four of the first five zero-day vulnerabilities exploited in the wild in 2022 were disclosed to the public on the same day the vendor released patches and actionable mitigation guidance.

“The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones,” said Bob Huber, chief security officer and head of research, Tenable. “Cyberattackers repeatedly find success exploiting these overlooked vulnerabilities to obtain access to sensitive information. Numbers like these conclusively demonstrate that reactive post-event cybersecurity measures aren’t effective at mitigating risk. The only way to turn the tide is to shift to preventive security and exposure management.”

While adopting a cloud-first posture enables businesses to grow and scale, it also introduces new forms of risk, as silent patches and security hardening are often completed by cloud service providers (CSPs) without any notice. Vulnerabilities impacting CSPs are not reported in a security advisory, assigned a CVE identifier or mentioned in release notes. This lack of transparency makes it challenging for security teams to accurately assess risk and report to stakeholders.

In addition to vulnerability and misconfiguration analysis, the report examines prolific attack groups and their tactics. Ransomware remained the most common attack method used in successful breaches. Previous Tenable Research on the ransomware ecosystem found that the multi-million dollar ransomware ecosystem is fueled by double extortion and ransomware-as-a-service models, which make it easier than ever for cybercriminals who lack technical skills to commoditize ransomware.

The LockBit ransomware group, a known user of double and triple extortion tactics, dominated the ransomware sphere, accounting for 10% of analyzed ransomware incidents, followed by the Hive ransomware group (7.5%), Vice Society (6.3%) and BlackCat/ALPHV (5.1%).

To download a complimentary copy of the report today, please visit: https://www.tenable.com/cyber-exposure/2022-threat-landscape-report

An accompanying blog post titled “Tenable's 2022 Threat Landscape Report: Reduce Your Exposure by Tackling Known Vulnerabilities” can also be found here.

About Tenable
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

Media Contact:
Tenable
tenablepr@tenable.com


Primary Logo

Recent Quotes

View More
Symbol Price Change (%)
AMZN  213.04
-1.43 (-0.67%)
AAPL  252.29
+4.84 (1.96%)
AMD  233.08
-1.48 (-0.63%)
BAC  51.28
+0.84 (1.67%)
GOOG  253.79
+1.91 (0.76%)
META  716.91
+4.84 (0.68%)
MSFT  513.58
+1.97 (0.39%)
NVDA  183.22
+1.41 (0.78%)
ORCL  291.31
-21.69 (-6.93%)
TSLA  439.31
+10.56 (2.46%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.
© 2025 FinancialContent. All rights reserved.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.