India ranks second in total number of data breaches exposed in 2022: Report

Around 2.29 billion records were exposed worldwide in data breach incidents in 2022, with India accounting for 20% of the total, taking it to the second position, a new report revealed on Wednesday. 

According to the report by cybersecurity firm Tenable, about 1,335 breach data incidents were publicly disclosed between November 2021 and October 2022. Of the 1,335 breaches analysed globally, 143 breaches occurred in Asia Pacific and Japan, resulting in a whopping 68 % of total records exposed globally, the report said. 

In comparison, organisations in North America, Europe, the Middle East, and Africa accounted for a combined 31% of records exposed. 

"We issued this same warning in 2020 and 2021. Yet, two years later, such flaws remain one of the biggest risks in the vulnerability landscape. Unpatched vulnerabilities provide attackers with the most cost-effective and straightforward way to gain the initial access into or elevate privileges within organisations," said Satnam Narang, senior staff research engineer at Tenable. 

The findings also showed that the threat actors continue to find success with known and proven exploitable vulnerabilities that organisations have failed to patch or remediate successfully. 
 
Further, the report said that about 33% of the attackers were a result of ransomware, while 17% of cyber-attacks were due to unsecured databases in India. Healthcare (11%) and retail (11%) sectors were the most targeted sectors in India, followed by financial services (6%), education (6%), professional and technical services (6%), and public administration (6%), the report said. 

In the APAC region, 29 % of the breaches were a result of ransomware attacks, followed by attacks that weren't categorised (28 %), phishing/email compromise (9%), unsecured databases (8%) and exploitation of known and existing vulnerabilities (6 %), among others. 

Others reports in recent months have also highlighted that increase in security threats in Indian organisations. According to a report published earlier this month by Google-owned threat analytics company Mandiant a majority of businesses in India (75%) make cybersecurity decisions without insights into the threat actor targeting their infrastructures. The claims come from, which said that 75% respondents make most of their cybersecurity decisions without attacker’s insights, which proves to be dangerous for their organisations.

Meanwhile, another report published by market research firm Gartner on 14 February showed that spending on security and risk management is set to touch $2.65 billion in 2023. The analyst firm said that security spending will grow by 8.3% this year as compared to 2022.