New vulnerabilities increase by 25 percent
A new report uncovers a worrying 25 percent increase in the total number of new vulnerabilities published in 2022.
The latest Vulnerability and Threat Trends Report from the Skybox Security Research Lab shows 25,096 new vulnerabilities published last year, representing the largest year-on-year rise seen since 2017.
"2022 was a record-setting year for vulnerabilities, showing that attacks are increasing in speed and impact as threat actors target the most sensitive assets and seek to inflict as much damage as possible," says Ran Abramson, threat intelligence analyst at Skybox Research Lab. "The numbers are astounding, and there are far too many vulnerabilities for cybersecurity teams to keep up with. It's more critical than ever that organizations need to pivot away from reactive approaches to continuous exposure management."
The research finds that 80 percent of vulnerabilities reported in 2022 were either medium or high severity. Only 16 percent were deemed critical, but then severity does not necessarily equal risk. Many threat actors specifically target less severe weaknesses, exploiting these vulnerabilities to gain access to a system before moving laterally to escalate attacks.
Recommendations to help businesses deal with this threat landscape include taking a holistic approach, maintaining 360-degree visibility of the attack surface, and taking steps to discover and detect the full range of exposures.
"In the face of economic pressures and ongoing cybersecurity talent shortages, continuous exposure management is a pragmatic and cost-effective approach to cybersecurity," adds Abramson. "By adopting this proactive approach, teams with limited resources can avoid overloading and concentrate on the risks that matter to their business."
The full report is available from the Skybox site.