Coalition, an active cyber threat insurance provider, has released its Cyber Threat Index 2024, offering insights into cybersecurity trends from 2023 and emerging threats for 2024. The index projects a substantial 25% increase in common vulnerabilities and exposures (CVEs) for 2024, totalling 34,888 vulnerabilities.
Tiago Henriques, Head of Research at Coalition, expressed concerns about the growing influx of vulnerabilities, citing the complexity of the cyber risk landscape.
Henriques emphasised that most organisations are overwhelmed by the sheer volume of alerts and struggle to prioritise which vulnerabilities to address first to mitigate overall risk.
“In today’s cybersecurity climate, organisations can’t be expected to manage all of the vulnerabilities on their own; they need someone to manage these security concerns and help them prioritise remediation. We share these insights, as well as our Coalition Exploit Scoring System, in the hopes that it will make the complicated cyber ecosystem a little more manageable for companies of all sizes,” Henriques adds.
One alarming finding from the report is a 59% increase in unique IP addresses scanning for Remote Desktop Protocol (RDP), which significantly raises the risk of ransomware events, according to Coalition data.
Additionally, the report highlights that approximately 10,000 businesses are operating the end-of-life (EOL) Microsoft SQL Server 2000, while over 100,000 businesses are using EOL Microsoft SQL servers.
The report also notes a dramatic 1000% surge in honeypot (sensor) activity just 16 days before Progress Software issued its MOVEit security advisory. Coalition’s honeypots play a crucial role in identifying major vulnerabilities before they become widespread, providing businesses with the opportunity to take preventative action.
John Roberts, General Manager of Security at Coalition, emphasised the effectiveness of managed detection and response (MDR) solutions in reducing attack response time by 50% or more.
Roberts highlights the necessity of human expertise in vulnerability and risk management, stating, “with MDR, after technology detects suspicious activity, human experts can intervene in numerous ways, including isolating impacted machines or revoking privileges. Coalition has experience doing exactly this to stop cyber criminals mid-attack.”
Overall, Coalition’s report highlights the significant volume of vulnerabilities confronting businesses, underscoring the escalating cyber risks they face in 2024. Therefore, it is crucial for businesses to prioritise cybersecurity measures and implement comprehensive solutions such as Coalition’s Exploit Scoring System and MDR to mitigate evolving cyber threats.
