Researchers Report Nearly 20,000 Vulnerabilities in 2017, Reinforcing the Need for a Proactive Cybersecurity Strategy

April 5, 2018 @ 12:21 PM
| |
2 min read

The number of recorded software vulnerabilities soared to almost 20,000 last year, according to a new report, suggesting a pressing need for organizations to adopt a proactive cybersecurity strategy.

In its “Vulnerability Review 2018,” software vendor Flexera noted that the number of vulnerabilities shot up 14 percent between 2016 and 2017, though the percentage of highly critical flaws stayed relatively flat at 16 percent. The report characterized the majority (55 percent) of these vulnerabilities as remote network flaws, followed by local network vulnerabilities at 32 percent.

Report Highlights the Importance of Proactive Patching

Flexera’s Secunia Research unit drew upon data it gathered from monitoring more than 55,000 applications, operating systems and hardware. The report underscored the importance of keeping up with software patching, noting that there were patches available for 86 percent of vulnerabilities on the day they were disclosed to the public.

Although the thought of zero-day attacks may be keeping chief information security officers (CISOs) up at night, the study showed that out of 19,954 known vulnerabilities, only 14 fell into this category. The authors suggested that it’s more critical to minimize the gap between learning about a flaw and fixing it, thus reducing the window of time during which cybercriminals can steal data.

Flexera isn’t the only firm keeping track of software vulnerabilities. A recent study by global real-time cyberthreat intelligence provider Recorded Future found that Microsoft products, such as Office, Internet Explorer and Edge, accounted for seven of the top 10 vulnerabilities exploited by cybercriminals in 2017.

Time to Update Your Cybersecurity Strategy

Beyond the raw numbers, the Flexera research highlighted organizations’ tendency to implement a reactive cybersecurity strategy. While firms often move quickly to get on top of vulnerabilities once they are disclosed, many don’t examine threat intelligence on an ongoing basis to reduce risks before they emerge as full-blown attacks. A more proactive strategy could help organizations maintain productivity and normal operations while they deal with security risks.

Shane Schick
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.