Censys Insights – Our Take on the Verizon 2021 Data Breach Investigation Report
It’s that time of year again when we review the research results from the Verizon Data Breach Investigation Report (DBIR). This annual report examines global cyber incidents and breaches across all sizes and types of companies. Not only is the DBIR very thorough and well written, but we also find it interesting to see what is changing and how much has stayed the same. Here are our key takeaways from the DBIR as they pertain to the increasing need for organizations to implement an attack surface management strategy and a solution like Censys Attack Surface Management (ASM).
Digital transformation is expanding attack surfaces
First, servers [web apps, cloud environments, VMs, etc.] continued to be the primary target for attackers in breaches and incidents in 2021, by 2x-4x over people. While social engineering continues to ensnare employees, the explosion of digital transformation and web applications is creating a rapidly expanding and diverse target field for threat actors to exploit. At Censys, we are seeing these attack surfaces become more complex and globally distributed, growing by over 150% each year, with more than 65% of high and critical vulnerabilities residing in the cloud.
Unknown assets are a persistent issue
Another interesting, but not surprising, finding is that assets that were previously unknown, untracked, or unmanaged contributed 10x more incidents than other assets. Why is that? The DBIR found that approximately 37% of organizations’ internet-facing vulnerabilities were at least five to ten years old. Simply put, organizations can’t and don’t patch what they don’t know about, which turns out to be quite a lot.
Legacy security tools, and even some of the more modern tools, provide limited views of an organization’s online inventory, often missing older servers, hosts running in unmanaged clouds, or hosts running under subsidiary domains. “These older vulnerabilities are what attackers continue to exploit.” Security teams just can’t keep up, as it takes 75 days to patch around 40% of the issues found from organizations’ vuln management scans. “The patching performance this year in organizations has not been stellar. Granted, it’s never been great.” The threat of known vulnerabilities in off-the-radar web applications is significant, with this type of exploitation often leading to repurposing the application for malware distribution.
Misconfigurations aren’t going away
Human error continues to be a consistent factor in cyber security incidents and breaches, with misconfiguration of assets accounting for about half of all breaches in 2021. System administrators and developers were the source of the misconfiguration action about 85% of the time. “When people in these roles do make mistakes, the scope is often of much greater significance than of the average end-user. This combination can often wreak havoc on the confidentiality of an organization’s data, or that of their customers or employees. We frequently observe data stores (such as relational or documental databases or cloud-based file storage) being placed on the internet with no controls.” Censys internet scans are full of examples of these types of misconfiguration. As of May 2, 2022, we had recorded 294,465 hosts with Redis and more than 36,000 Elasticsearch hosts exposed to the public internet.
Censys’ Attack Surface Management is critical to your security team
This is why more than ever, you need Censys ASM. Censys invented internet-wide scanning and has built the best and most up-to-date perspective of global internet-facing assets. We’ve coupled this with the most advanced discovery algorithm to create the strongest external Attack Surface Management solution on the market today. Censys ASM is the most comprehensive inventory of all of your internet-facing assets and risks, regardless of type, account, network, or location, including unknown and unmanaged assets, and all public-facing cloud instances.
Censys ASM does not require connectors, agents, or system authentication to run. Censys ASM is an automated solution that runs continuously in the background, quickly alerting your organization to newly spun-up risks from unknown, unmanaged, and misconfigured assets, including cloud accounts. Censys ASM is an active cyber security solution that allows users to fully investigate risks and send them for remediation through integrations with leading SIEM, SOAR, and IT ticketing systems.
Censys ASM provides the industry-best and most actionable security assessment of your external attack surface. Learn how Censys’ industry-leading ASM solution can help you avoid a security incident or breach.