Vulnerabilities are back as people return to work
After a slump during the pandemic, vulnerability disclosures are once again showing growth, according to the latest Vulnerability QuickView Report from Risk Based Security's VulnDB team.
The report shows 12,723 vulnerabilities disclosed during the first half of 2021, a growth of 2.8 percent compared to the same period in 2020.
"As 2020 unfolded we saw many factors contributing to heavy disruption to industries and organizations around the world," says Brian Martin, vulnerability historian at Risk Based Security. "Those factors include the Coronavirus pandemic, of course, but also the many secondary effects on supply chains, press coverage, investment decisions and more. Since then, the vulnerability landscape has somewhat stabilized as organizations return to normal operations."
On average, there have been 80 new vulnerabilities disclosed each day. Risk Based Security also updated an average of 200 existing vulnerability entries per day as new solution information, references, and additional metadata became available.
In addition, the report shows that 1,425 of the vulnerabilities disclosed in the first half of 2021 are remotely exploitable, have a public exploit and have a mitigating solution. Organizations should consider fixing these issues as their number one priority if they pose a risk.
But while vulnerabilities are up, there were only 1,767 publicly reported breaches in the first six months of 2021, a 24 percent decline compared to the same period last year. The decline in breach disclosures comes mainly from locations outside of the US, including breaches of unknown origin. In the US, the number of reported breaches increased by a modest 1.5 percent.
"Important information missed during the pandemic is resurfacing," adds Martin. "Even if organizations may be comfortable returning to their previous processes, the fundamental problem still remains -- there are too many vulnerabilities for many organizations to realistically handle unless they adopt a truly risk-based approach to patching."
The full report is available on the Risk Based Security site.