Remotely Blog

Vulnerabilities Trend Continues to Rise

We've all heard it by now: the shift to remote work is causing a spike in security risk and vulnerabilities. However, the spike in vulnerabilities has been building over the past 5 years, rising from 6,447 vulnerabilities reported in 2016 to a total of 20,143 in 2021.

The NIST National Vulnerability Database reports the sharp increase in vulnerabilities year-over-year beginning in 2017, as seen in the chart below.

[Chart: CVSS over time]

The spike in reported vulnerabilities does not appear to be slowing down in 2022 either: the daily average has tripled since 2017, from 17.7 vulnerabilities reported daily to 61.4 vulnerabilities reported daily in 2022.

[Chart: CVE daily average]

With this jump in vulnerabilities, it is becoming clear to enterprise organizations (and all companies for that matter) that it isn't a matter of IF networks will be breached, but WHEN.

Steps to take if you observe potential vulnerabilities

According to the Cybersecurity & Infrastructure Security Agency (CISA), the steps you can take if you observe a potential vulnerability are to:

  1. OBSERVE the activity
  2. ACT by taking local steps to mitigate the threat
  3. REPORT the event

You can learn more about how to report incidents to CISA on their website here.

What type of activity should be shared?

Almost any vulnerability is considered important, and should be shared with CISA. Some of the most common types of activity that should be shared include:

  • Unauthorized access to your system.
  • Distributed Denial of Service (DDoS) attacks that last more than 12 hours.
  • Malicious code on your systems, including variants if known (often caused by cross-site scripting (XSS) vulnerabilities).
  • Targeted and repeated scans against services on your systems.
  • Repeated attempts to gain unauthorized access to your system.
  • Email or mobile messages associated with phishing attempts or successes.
  • Ransomware against Critical Infrastructure.

Information to include when sharing

When you share information with CISA, the agency requests that the following information be prioritized:

  1. Incident date and time
  2. Incident location
  3. Type of observed activity
  4. Detailed narrative of the event
  5. Number of people or systems affected
  6. Company/Organization name
  7. Point of Contact details
  8. Severity of event
  9. Critical Infrastructure Sector (if known)
  10. Any other parties that have been informed

If you would like to stay informed with Vulnerability updates, please visit the Remotely Alerts. You can stay informed by subscribing as well.

Is your RMM leaving your organization vulnerable?

Find out using our free 50+ point Security Checklist.
