Qualys, Inc., a leader in disruptive cloud-based IT, security, and compliance solutions, has published insights from its Threat Research Unit (TRU), examining pivotal vulnerabilities in 2023 and their organizational impact. In 2023, 26,447 vulnerabilities were disclosed, surpassing the 2022 count by over 1,500 CVEs.
Focus on Critical Vulnerabilities
Saeed Abbasi, Product Manager at Qualys, emphasized that despite the alarming increase in vulnerabilities, less than 1% posed the highest risk. These critical vulnerabilities are weaponized, actively exploited by ransomware, threat actors, or malware, and confirmed to be in the wild.
TRU Analysis Highlights
The Qualys TRU delved into high-risk vulnerabilities, revealing insights and common trends. Key takeaways include:
2023 Cyber Landscape Highlights
Recommendations for Organizations
Abbasi stressed the need for a multifaceted approach to vulnerability prioritization, focusing on known exploits, high EPSS scores, and vulnerabilities with weaponized code. Qualys’ Enterprise TruRisk Platform aids in measuring, communicating, and proactively managing cyber risk’s impact on business risk.
In the face of an escalating cyber threat landscape, the recommendations advocate a robust, proactive vulnerability and risk management approach for organizations.