TMCnet News
Despite sharp increase in number of vulnerabilities, fewer pose high-risk year-over-year since 2011, Kenna Security finds

SAN FRANCISCO, Dec. 10, 2020 (GLOBE NEWSWIRE) -- How has the vulnerability landscape changed over the past decade? Coinciding with the company’s 10-year anniversary, Kenna Security, the enterprise leader in risk-based vulnerability management, has released a data-driven review of the vulnerability trends and risks that have shaped cybersecurity over the past decade.

“So much of cybersecurity has changed over the past decade, but one thing has stayed the same: it involves running from one crisis to another,” said Ed Bellis, founder and CTO of Kenna Security. “It’s rare for practitioners to have a chance to look back and see how their jobs have changed. But major shifts over the past decade can provide new clues about what the future holds for cybersecurity.”

The number of total vulnerabilities discovered per year has exploded from 4,100 in 2011 to more than 17,500 in 2020. Yet the proportion of vulnerabilities that hackers have been willing or able to weaponize has not kept pace. While the overall volume of vulnerabilities reported each year has quadrupled, the percentage of newly discovered vulnerabilities that have been exploited in the wild has declined to just 0.38 percent from a high of 1.64 percent in 2012.

And yet, CVSS, a commonly used metric that some enterprise security teams use to prioritize vulnerability management, does not offer clarity. Over 13 percent of CVEs have a CVSS score of 9 or greater, even though the vast majority have never been exploited in the wild.

Kenna Security’s analysis also found:
“We founded Kenna a decade ago because CISOs and their security teams were overwhelmed by the number of vulnerabilities on their systems and the lack of rational and effective ways to manage them,” continued Bellis. “Now as we look back on the last ten years, it’s clear that the challenge has only grown. But there is light at the end of the tunnel. Approaching this challenge with data science and a focus on risk can level the playing field for CISOs. This has made modern vulnerability management more manageable and efficient.”

Additional Resources
About Kenna Security