With Cybersecurity Awareness Month 2022 coming to an end on Halloween, it’s the perfect time to take a deep look at some of the spookiest cybersecurity statistics surrounding the increasingly volatile threat landscape. Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Below is a list of some staggering statistics from several reports published throughout the year.
SecurityScorecard – The Fast and the Frivolous – Pacing Remediation of Internet-Facing Vulnerabilities
53% of organizations have at least one open vulnerability exposed to the internet. 22% of those organizations amass over 1,000 vulnerabilities each.
It typically takes organizations about a year to remediate half of the vulnerabilities in the internet-facing infrastructure.
The Finance sector has one of the slowest remediation rates (median=426 days), while Utilities rank among the fastest (median=270 days).
Despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there is little evidence that organizations fix exploited flaws faster.
Skybox Security – 2022 Vulnerability and Threat Trends Report
There were 20,175 new vulnerabilities published in 2021, up from 18,341 in 2020. That’s the most vulnerabilities ever reported in a single year, and it’s the biggest year-over-year increase since 2018.
The number of new vulnerabilities exploited in the wild rose by 24% in 2021.
Vulnerabilities in operational technology jumped 88% from 2020 to 2021.
The malware industry continues to churn out a wide array of malicious software: crypto jacking and ransomware programs increased by 75% and 42% respectively in 2021.
Cequence Security – API Protection Report — First Half 2022
31% (approximately 5 billion) malicious transactions targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow APIs, making this the top threat challenging the industry.
The second largest API security threat mitigated during the first half of 2022 was API abuse, meaning attackers targeting properly coded and inventoried APIs.
Onapsis – Research from SAP, CISA, and Onapsis
Research found that threat actors can start weaponizing critical SAP vulnerabilities less than 72 hours after a patch is released.