Tenable has released its 2022 Threat Landscape Report, which explores the current state of cybersecurity vulnerabilities and threats. The report gives a comprehensive view of the landscape and stresses the importance of contextual data and exposure management in building an effective cybersecurity program. It finds that vulnerabilities continue to increase, with known flaws persistently causing problems year after year, and it emphasizes the importance of understanding the threat landscape and how attackers use vulnerabilities to target enterprises, governments, and nonprofits.
Top data points and insights from the report include:
Over a five-year period from 2018 through 2022, the number of reported CVEs increased at an average annual growth rate of 26.3%.
There were 25,112 vulnerabilities reported in 2022 (as of January 9, 2023), which represents a 14.4% increase over the 21,957 reported in 2021 and a 287% increase over the 6,447 reported in 2016.
Vulnerabilities dating as far back as 2017 were so prominent in Tenable's findings that they occupy the top spot in the 2022 list of the top 5 vulnerabilities.
Disclosure issues were front and center, impacting organizations’ ability to defend, due to delays in patching (such as with Microsoft Follina) and confusing disclosure patterns (with Fortinet and OpenSSL).
Operating system vulnerabilities skyrocketed, accounting for over half of all zero-days and surpassing browser vulnerabilities, which held the top spot for the past two years.
Cloud providers are less transparent about vulnerabilities because the cloud space lacks the reporting infrastructure and protocols that the established players
Cloud misconfigurations affected even the most mature organizations, with Microsoft and Amazon both experiencing breaches of sensitive customer information.
Over 3% of all data breaches in 2022 were caused by unsecured databases, accounting for leaks of over 800 million records.
Despite reports that ransomware is declining, Tenable found that the frequency of ransomware attacks remained on par with prior years, with ransomware accounting for about 35% of data breaches.
2.29 billion records were exposed in 2022, making up only half of the records exposed in 2021 (4 billion).
Tenable provides four recommendations for actions security professionals can take today to improve their preventive cybersecurity efforts and beef up their exposure management practices. These include prioritizing patching based on risk, leveraging automation, collaborating across security teams, and shifting to a risk-based approach.