New research from cyber insurance provider Coalition reports a 13% increase in average monthly Common Vulnerabilities and Exposures over 2022.
This according to the first annual Coalition Cyber Threat Index by Coalition, which details insights on cybersecurity trends from 2022 and what emerging cyber threats are on the horizon.
Based on data from the last ten years, Coalition predicts more than 1,900 new Common Vulnerabilities and Exposures (CVEs) per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities.
Coalition also reported that, for most CVEs, the time to exploit is within 90 days of public disclosure, with the majority exploited within the first 30 days.
It further found that 94% of organizations scanned in the last year have at least one unencrypted service exposed to the internet and that Remote Desktop Protocol (RDP) remains cyber-attackers’ most commonly scanned protocol.
“The reality is that the number of security vulnerabilities and breaches are consistently increasing —from 1,000 in 2002 to over 23,000 in 2022. Defenders are fighting a battle on all sides and at all times,” said Tiago Henriques, Coalition’s Vice President of Security Research.
“We produced this report to provide as much information as possible for organizations to learn from. With the overwhelming volume of vulnerabilities and lack of IT staff, cybersecurity experts need a way to evaluate each vulnerability’s risk so they can prioritize what to address.”
In light of its findings, Coalition recommends that organizations and their security and IT teams prioritize applying updates on public-facing infrastructure and internet-facing software to mitigate vulnerabilities in older software to prepare for the looming 2023 threats.
“Cybersecurity professionals must be more alert than ever to vulnerabilities that already exist within their networks and assets. Attackers are becoming increasingly sophisticated and have become experts at exploiting commonly used systems and technologies,” continued Henriques.
“Organizations must ensure they use secure communication protocols to access their data and that those services have enforced multifactor authentication. Taking steps like these to improve your basic security hygiene is crucial to improving your overall defence posture.”
