Cyber insurer Coalition has published its first annual cyber threats index, which provides detailed insights on cybersecurity trends for the year 2022 and the emerging cyber threats businesses should prepare for in 2023.
The annual report used data gathered by the insurer’s active risk management and reduction technology, which combines data from underwriting and claims, internet scans, and Coalition’s global network of honeypot sensors, and scans over 5.2 billion IP addresses. Over the span of 22,000 events, Coalition’s honeypots observed cyber attacks from the inside to develop a deeper understanding of attackers' techniques.
Based on data from the last ten years, Coalition predicted over 1,900 new common vulnerabilities and exposures (CVEs) per month in 2023, a 13% increase in average monthly CVEs from published 2022 levels. These 1,900 CVEs included 270 high-severity and 155 critical-severity vulnerabilities.
Here are other findings from Coalition’s cyber threat index:
“The reality is that the number of security vulnerabilities and breaches are consistently increasing – from 1,000 in 2002 to over 23,000 in 2022,” said Coalition vice president of security research Tiago Henriques. “Defenders are fighting a battle on all sides and at all times.”
“We've released our first technical report at @SolveCyberRisk you can download it here https://t.co/WWaZ12S37r - tl;dr: Lots of vulns, focus on fixing what matters, still a lot of data exposed ready to be stolen, ton of insecure services, patching is hard!” — Tiago Henriques (@Balgan), February 1, 2023
Henriques added: “We produced this report to provide as much information as possible for organisations to learn from. With the overwhelming volume of vulnerabilities and lack of IT staff, cybersecurity experts need a way to evaluate each vulnerability's risk so they can prioritise what to address.”
Coalition’s cyber threats index ended with two recommendations for organisations’ IT and cyber security teams. They should apply updates to public-facing infrastructure and internet-facing software within 30 days of every patch’s release, and they should follow regular upgrade cycles. These measures would mitigate vulnerabilities, especially in older software, that leave organisations exposed to the cyber threat events looming ahead.
“[Cyber] attackers are becoming increasingly sophisticated and have become experts at exploiting commonly used systems and technologies,” said Henriques. “Organisations must ensure they use secure communication protocols to access their data and that those services have enforced multifactor authentication. Taking steps like these to improve your basic security hygiene is crucial to improving your overall defence posture.”