Mean time to remediate most common critical vulnerabilities remains over 2 months
Edgescan, a leading international provider of risk-based vulnerability management and penetration testing, released its much-anticipated annual ‘Vulnerability Statistics Report’. This comprehensive data set sheds light on the critical IT vulnerabilities that continue to pose a significant threat to organizations worldwide.
One of the most alarming findings: critical vulnerabilities from as far back as 2015 are still being discovered and leveraged today by malicious actors. This highlights the urgent need for organizations to prioritize vulnerability management and ensure their systems are adequately and proactively protected against these growing threats.
Additional findings from the 2023 report include:
- More than 33% of the vulnerabilities discovered during the reporting period were classified as ‘critical’ or ‘high severity’.
- SQL Injection remains the foremost critical vulnerability in web applications, accounting for 19.47% of vulnerabilities detected and requiring 15 days to remedy. In a SQL Injection attack, an attacker manipulates the data used in a database query, forcing the website to provide access to private information and to the database itself.
- Cross-Site Scripting (Stored) was responsible for 10.5% of High/Critical Severity Vulnerabilities and averaged 100 days to remedy. Cross-Site Scripting (Stored) can lead to theft of personal information such as usernames and passwords, redirect users to malicious websites, or even allow an attacker to take control of the user’s account. It allows attackers to exploit the data that users have access to in a website, potentially leading to identity theft, financial loss, or other security breaches.
- Malicious File Upload was responsible for 7.25% of High/Critical Severity Vulnerabilities, requiring 117 days to remedy. Malicious File Upload is when attackers upload viruses or malware onto a website, usually through forms or file upload features. These files can then be used to infect visitors’ devices or compromise the security of the website itself.
Eoin Keary, Founder & CEO of Edgescan, said: “Our Vulnerability Statistics Report serves as a wake-up call to organizations across industries and around the world. Despite advancements in cybersecurity, the persistence of critical vulnerabilities from several years ago is a clear indication that organizations need to do much more to adopt and manage proactive and comprehensive vulnerability strategies.”
By understanding the evolving threats and implementing effective safeguards, organizations can protect their systems and data from the devastating impact of ransomware, malware, and other malicious types of cyberattacks. Edgescan remains at the forefront of vulnerability management, helping organizations identify and remediate vulnerabilities before they can be exploited.
Methodology
The 2024 Vulnerability Statistics Report is Edgescan’s ninth edition. Each year, Edgescan reviews the results of thousands of security assessments and penetration tests on millions of assets performed globally by the Edgescan Cybersecurity Platform. The Edgescan platform and team validate all vulnerabilities presented. Thus, this report provides a unique glimpse into the actual state of risk worldwide today.