Over 12,000 Vulnerabilities Discovered in 2021 So Far
Security firm Risk Based Security published its mid-year reports on the state of vulnerabilities and data breaches discovered in the first half of the current year. The free documents contained some interesting figures and insights relating to the dynamics of the infosec world and the global infosec landscape as a whole.
The data breach report reflected a year-over-year decrease of 32%, comparing total leaked records and not the number of actual breaches disclosed. The 27 billion records that leaked in the first half of 2020 have shrunk to 18 billion in the current year. Sadly, this is not much of a consolation, as the shrink in breached databases and leaked records comes at the cost of a surge in vulnerabilities discovered.
Still on the topic of data breaches, the reports revealed that a very significant 352 leaks also involved a tangential ransomware attack. Disturbingly, healthcare institutions and organizations seem to be among the organizations with the weakest security measures in place, with nearly 240 healthcare data breaches in the first half of 2021, at the top of the chart.
On the vulnerabilities front, Risk Based Security collected and collated 12,700 vulnerabilities disclosed in the first six months of the year 2021. This represents an increase of nearly 3% compared to the first half of 2020.
Of those 12 thousand vulnerabilities, a good 1,400 are exploitable remotely, but also have a mitigating solution already available. However, another 900 vulnerabilities disclosed in the first half of 2021 are both remotely exploitable and have no currently available mitigation measures.
Perhaps to the chagrin and confusion of Linux fans, Debian was heading the chart for the first six months of 2021 when it comes to products with newly disclosed vulnerabilities. Not too surprisingly, given the market share of their products, Microsoft led the vulnerabilities chart when it comes to vendors.
Both Google and Oracle also scored high on the list, with each logging more than 500 new vulnerabilities for their products revealed in the first half of the year.