Coalition, a pioneer in active cyber insurance, has released its Cyber Threat Index 2024 – a comprehensive overview of cybersecurity trends observed in 2023 and potential threats that companies need to be on the lookout for this year.
Among the findings is an anticipated 25% rise in common vulnerabilities and exposures (CVEs) in 2024, equating to nearly 34,900 vulnerabilities. Coalition’s research underscores the escalating pace at which new vulnerabilities are identified, contributing to a cluttered cyber risk landscape that many find challenging to navigate.
In an emailed release, Coalition research head Tiago Henriques said: “With an influx of new vulnerabilities, often sprouting via disparate flagging systems, the cyber risk ecosystem is hard to track. Most organisations are experiencing alert fatigue and confusion about what to patch first to limit their overall exposure and risk.
“In today’s cybersecurity climate, organisations can’t be expected to manage all of the vulnerabilities on their own; they need someone to manage these security concerns and help them prioritise remediation. We share these insights, as well as our Coalition Exploit Scoring System, in the hopes that it will make the complicated cyber ecosystem a little more manageable for companies of all sizes.”
Figures from the index include a 59% increase in unique IP (Internet Protocol) addresses scanning for vulnerabilities in Remote Desktop Protocol (RDP) in 2023, signalling a higher risk of ransomware attacks for businesses with exposed RDPs.
It was also noted that around 10,000 businesses were still utilising the unsupported database Microsoft SQL Server 2000, and over 100,000 operating on end-of-life servers. There was also a 1,000% increase in honeypot (sensor) activity preceding Progress Software’s MOVEit security advisory.
Coalition uses honeypots to detect major CVEs, with the goal of providing businesses the ability to pre-emptively address vulnerabilities through managed detection and response (MDR) solutions.
John Roberts, general manager of security at Coalition, commented: “Coalition has first-hand experience demonstrating that MDR can reduce attack response time by 50% or more – a massive impact to help protect businesses from cyber threats.
“We’re at the point where just setting and forgetting a technology solution is not enough anymore, and experts need to be involved in vulnerability and risk management. With MDR, after technology detects suspicious activity, human experts can intervene in numerous ways, including isolating impacted machines or revoking privileges.”
What do you think about this story? Share your thoughts in the comments below.