Scary Security Stats: The worst of 2022

It typically takes organizations about a year to remediate half of the vulnerabilities on their Internet-facing infrastructure.

Collection of laptops used for space missions. Image by NASA (CC0 1.0)

With 2023 just around the corner, it is perhaps a good time to consider cybersecurity horrors and the risks these present to the corporate world.

Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Various security firms have developed a list of some of the most alarming statistics from several reports published throughout the year.

SAP systems

Research from SAP, CISA, and Onapsis found that threat actors can start weaponizing critical SAP vulnerabilities less than 72 hours after a patch is released.

Vulnerabilities abound

SecurityScorecard’s report ‘The Fast and the Frivolous – Pacing Remediation of Internet-Facing Vulnerabilities’ found that 53 percent of organizations have at least one open vulnerability exposed to the internet. In addition, 22 percent of those organizations amass over 1,000 vulnerabilities each.

The consequences are huge. It typically takes organizations about a year to remediate half of the vulnerabilities on their Internet-facing infrastructure. The Finance sector has one of the slowest remediation rates (median=426 days), while Utilities rank among the fastest (median=270 days).

Despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there is little evidence that organizations fix exploited flaws faster.

Malware never goes away

Skybox Security, which issued its ‘2022 Vulnerability and Threat Trends Report’, found there were 20,175 new vulnerabilities published in 2021, up from 18,341 in 2020. That’s the most vulnerabilities ever reported in a single year, and it’s the biggest year-over-year increase since 2018.

The number of new vulnerabilities exploited in the wild rose by 24 percent in 2021. More specifically, vulnerabilities in operational technology jumped 88 percent from 2020 to 2021.

It remains a concern that the malware industry continues to churn out a wide array of malicious software: cryptojacking and ransomware programs increased by 75 percent and 42 percent respectively in 2021.

Transacting concern

Cequence Security, in its ‘API Protection Report’, found that 31 percent (approximately 5 billion) of malicious transactions targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow APIs, making this the top threat challenging the industry. The second largest API security threat mitigated during the first half of 2022 was API abuse, meaning attackers targeting properly coded and inventoried APIs.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
