Company’s Annual Report Reveals Record-Breaking Year for Vulnerabilities and Exploits Driving Need for Exposure Management
Skybox Security, a leading provider of Exposure Management solutions, today released its annual 2023 Vulnerability and Threat Trends Report from the Skybox Security Research Lab. The report uncovers a staggering 25% increase in the total number of new vulnerabilities published in 2022. The report, which uncovers increased vulnerabilities and evolving threats, underscores the need for organizations to adopt an exposure management program to accurately identify and prioritize the most pressing business risks to get ahead of the adversary.
New vulnerabilities are soaring
With 25,096 new vulnerabilities published in 2022, Skybox Research Lab witnessed the largest number of vulnerabilities ever reported in a single year and a 25% jump from the number of vulnerabilities published in 2021. The year-over-year rise in new vulnerabilities is the biggest seen since 2017, highlighting that vulnerabilities aren’t just rising; they’re rising faster. This brings the total number of vulnerabilities published over the last ten years to 192,051—a three-fold increase over a decade.
“2022 was a record-setting year for vulnerabilities, showing that attacks are increasing in speed and impact as threat actors target the most sensitive assets and seek to inflict as much damage as possible,” said Ran Abramson, threat intelligence analyst at Skybox Research Lab. “The numbers are astounding, and there are far too many vulnerabilities for cybersecurity teams to keep up with. It’s more critical than ever that need organizations to pivot away from reactive approaches to continuous exposure management.”
Most new vulnerabilities are medium and high severity
Skybox Research Lab found that 80% of vulnerabilities reported in 2022 were either medium or high severity. Only 16% were deemed critical, but that’s hardly reassuring as severity does not equal risk. Many threat actors specifically target less severe weaknesses, exploiting these vulnerabilities to gain access to a system and move laterally to escalate attacks.
Faced with a multitude of vulnerabilities and threats, security teams need better ways to cut through the noise and prioritize the most urgent issues. Advanced risk assessment solutions, by contrast, help security teams zero in on the issues that really matter and stop wasting time on the ones that don’t. This requires weighing a number of factors: not just severity but exploitability, exposure, asset importance, and, ideally, business impact.
Continuous Exposure Management re-levels the cybersecurity playing field
To grapple with growing cybersecurity complexity, security teams need a new approach that offers dramatic improvements in performance, efficiency and risk reduction known as continuous exposure management. To make the most of this modern, risk-based paradigm, organizations should implement solutions that:
- Take a holistic approach
- Maintain 360-degree visibility of the attack surface
- Discover and detect the full range of exposures
- Assess risk and prioritize
- Choose the appropriate remediation and automate responses
“In the face of economic pressures and ongoing cybersecurity talent shortages, continuous exposure management is a pragmatic and cost-effective approach to cybersecurity,” added Abramson. “By adopting this proactive approach, teams with limited resources can avoid overloading and concentrate on the risks that matter to their business.”
Read the full 2023 Vulnerability and Threat Trends Report.
The findings in this report, unless otherwise noted, are based on data from Skybox Research Lab, the threat intelligence division of Skybox. The team continuously monitors dozens of security sources, tracking and analyzing tens of thousands of vulnerabilities on thousands of products, along with the latest data on exploits and malware taking advantage of these vulnerabilities. Drawing on this research, Skybox Research Lab identifies the vulnerabilities most likely to impact our customers’ networks and assets. These vulnerabilities are combined with critical contextual information on whether and how the vulnerability has been exploited, the prevalence of the vulnerability, the malware that exploits it, the damage it can inflict, and optimal approaches to remediation. All of this information is exposed in our Continuous Exposure Management platform and used by Skybox customers.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!