Skybox Security Report Reveals Over 30,000 New Vulnerabilities Published in Past Year
26 June 2024 - 8:00AM
Business Wire
Annual Report Uncovers Major Gaps with
Traditional Vulnerability Management Leading to Long Exposure Times
and Increased Risk
Skybox Security Research Lab today released its annual 2024
Vulnerability and Threat Trends Report, revealing that last year
alone, over 30,000 new vulnerabilities were published — a rate of a
new vulnerability published every 17 minutes. The report highlights
a critical gap in remediation efforts, with the average time to
patch exceeding 100 days, contrasted against the finding that 75%
of new vulnerabilities are exploited in 19 days or less. These
findings underscore the urgent need for continuous exposure
management and modern vulnerability mitigation strategies to
safeguard against the growing risks of cyber attacks.
Focus Gap: Half of all 2023 vulnerabilities are classified as
high or critical severity
2023 witnessed a surge in vulnerabilities, with the National
Vulnerability Database (NVD) recording a 17% year-over-year
increase. Since the inception of the NVD thirty years ago, 234,579
CVEs have been cataloged, yet half of those have been discovered in
just the past five years. The pace at which vulnerabilities are
being published is accelerating, with a new vulnerability emerging
approximately every 17 minutes, an average of 600 new
vulnerabilities a week, according to Skybox Research Lab.
Skybox Research Lab found that over half of all newly discovered
vulnerabilities were classified as high or critical. This
overwhelming influx creates a “focus gap” for security teams. The
sheer volume of threats makes it difficult to prioritize
effectively, potentially leaving critical risks overlooked and
organizations exposed. The rise in vulnerabilities stems from
several ongoing industry concerns, including:
- A rapidly expanding attack surface with more interconnected
devices.
- Increasingly intricate software with hidden vulnerabilities in
third-party components.
- The positive trend of more resources dedicated to uncovering
vulnerabilities naturally leads to a higher number being
identified.
“The past year marked a watershed moment in cybersecurity, with
organizations worldwide confronting an unprecedented surge in both
the volume and complexity of cyber threats,” said Mordecai Rosen,
CEO at Skybox Security. “Patching remains a crucial defense, but
its limitations are clear in today’s fast-paced threat landscape.
Effective vulnerability management goes beyond patching. It
involves continuous identification, risk-based prioritization,
leveraging existing controls for timely mitigation, and ethical
cybersecurity practices. This comprehensive approach empowers
organizations to navigate the complexities of modern threats.”
Mean time to remediation (MTTR) remains inadequate
This report further exposes a critical cybersecurity challenge:
a shrinking window for vulnerability patching. The mean time to
exploit (MTTE) plummeted to just 44 days in 2023, with a concerning
25% of vulnerabilities exploited the same day and a staggering 75%
within 19 days. This rapid exploitation timeline stands in stark
contrast to the lengthy 95-155 days from CVE publication to
remediation. Combined with the long delay in identifying malicious
activity, it demands swift and effective response mechanisms from
organizations. The window for remediating new vulnerabilities is
very short, and when organizations do not act quickly, cybercriminals
have ample time to compromise networks.
The time has come to move beyond just patching
Traditional vulnerability scanning methods struggle to keep pace
with today’s surge in vulnerabilities. The sheer volume overwhelms
even the most diligent security teams, making spreadsheet-based
tracking and patching cycles ineffective. This is why organizations
are increasingly turning to modern vulnerability management
solutions.
To combat shrinking remediation windows, a modern vulnerability
management approach integrated within a continuous exposure
management program becomes crucial. Companies can reduce their risk
and slim down their mean time to remediation (MTTR) by
adopting:
- Continuous Vulnerability Identification: Leveraging
automated techniques to discover new vulnerabilities across systems
and networks constantly.
- Risk-Based Prioritization: Not all vulnerabilities are
created equal. Effective vulnerability management prioritizes
threats based on factors like exploitability, potential impact on
critical systems or data, and the existence of patches. This
ensures the security teams focus on the most critical issues
first.
- Leveraging Existing Controls: Vulnerability management
solutions can help identify how these controls can be used to
mitigate the risks posed by specific vulnerabilities, even before a
patch is available.
- Ethical and Legal Compliance: Cybersecurity goes beyond
technical measures. Effective vulnerability management ensures
adherence to relevant data privacy regulations and responsible
testing.
Read the full 2024 Vulnerability and Threat Trends Report.
About Skybox
Over 500 of the largest and most security-conscious enterprises
in the world rely on Skybox for the insights and assurance required
to stay ahead of dynamically changing attack surfaces. Our Exposure
Management Platform delivers complete visibility, analytics, and
automation to quickly map, prioritize, and remediate
vulnerabilities across your organization. The vendor-agnostic
solution intelligently optimizes security policies, actions, and
change processes across all corporate networks and cloud
environments. With Skybox, security teams can now focus on the most
strategic business initiatives while ensuring enterprises remain
protected. Learn more at skyboxsecurity.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240626146201/en/
media-relations@skyboxsecurity.com