Highlights:

  • Skybox suggests that continuous exposure management offers a practical solution for effectively navigating the increasing complexity of cyber security.
  • According to the report’s findings, the majority of vulnerabilities disclosed in 2022, approximately 80%, were classified as medium or high severity.

A new report released by Skybox Security Inc., the cybersecurity management platform firm, outlines the rising necessity for organizations to implement exposure management techniques in the face of an alarming spike in emerging vulnerabilities.

According to the company’s 2023 Vulnerability and Threat Trends Report, there was a 25% increase in the number of new vulnerabilities discovered in 2022 compared to 2021, totaling 24,096.

The growth observed is the most significant since 2017, indicating an increase in vulnerabilities but also an accelerated rate of growth. The rise in the past year has resulted in 192,051 vulnerabilities published over the last ten years, representing a threefold increase over a decade.

According to the report’s findings, the majority of vulnerabilities disclosed in 2022, approximately 80%, were classified as medium or high severity. Critical vulnerabilities accounted for only 16%, but it’s worth noting that severity alone doesn’t always indicate the level of risk. Threat actors often exploit less severe vulnerabilities as entry points to launch more damaging attacks. These results highlight the significance of comprehensive risk assessments considering various factors beyond severity, including exploitability, exposure, asset importance, and potential business impact.

Skybox suggests that continuous exposure management offers a practical solution for effectively navigating the increasing complexity of cyber security. This approach entails adopting a comprehensive perspective of the attack surface, ensuring ongoing visibility, identifying vulnerabilities, evaluating risks, and efficiently prioritizing and automating responses to mitigate threats. Organizations can better address cyber security challenges systematically and proactively by implementing continuous exposure management.

Before the study, Ran Abramson, a threat intelligence analyst at Skybox Research Lab, said, “2022 was a record-setting year for vulnerabilities, indicating that attacks are escalating in both speed and impact. Given the overwhelming number of vulnerabilities, cybersecurity teams need to transition away from reactive methods and embrace continuous exposure management.”

He also said that economic pressures and a continuing lack of skilled cybersecurity workers make continuous exposure management cost-effective. “By adopting this proactive approach, teams with limited resources can avoid overloading and concentrate on the risks that matter to their business,” he said.

In February, Skybox Security made headlines for securing USD 50 million in new funding and welcoming industry veteran Mordecai (Mo) Rosen as its new CEO. Notable investors in this funding round include JP Morgan Chase & Co., PSG Equity LLC, CVC Capital Partners SICAV-FIS S.A., Pantheon Ventures (U.K.) LLP, and Adams Street Partners LLC.