
Coalition: Shortcomings in vulnerability scoring systems


In a report published Wednesday, cyberinsurance firm Coalition highlighted the limitations of current vulnerability scoring and prioritization systems, which it says contribute to enterprises’ struggles to patch on time. The “Cyber Threat Index 2024” detailed several critical vulnerabilities that policyholders faced throughout 2023 and the challenges that followed.

Coalition used “Coalition’s threat-collection technology,” including honeypots, scanning data, and the Exploit Scoring System (ESS) launched in June, to compile the data. Analyzing vulnerability trends through an autoregressive integrated moving average model, the insurer found that timely patching is essential to effective security postures, especially with the growing number of disclosed vulnerabilities. In fact, Coalition’s claims data showed that policyholders with even one unpatched critical vulnerability were 33% more likely to experience a claim.

The report noted that current vulnerability scoring and prioritization frameworks, such as CVSS and CISA’s Known Exploited Vulnerabilities (KEV) catalog, often fall short in providing a practical understanding of real-world exploitation. Prioritization is crucial because organizations don’t have time to navigate the massive influx of vulnerabilities, and because enterprises are in an ongoing race with threat actors to patch a vulnerability before it is exploited.

The report cited several examples of “celebrity CVEs,” high-profile flaws that sometimes produced misleading impressions for organizations. The report emphasized the need for new strategies for prioritization, such as combining honeypot data with automated vulnerability prioritization.

Furthermore, the report highlighted that vulnerability exploitation was a significant root cause leading to ransomware claims in 2023. Organizations with Remote Desktop Protocol (RDP) exposed to the internet were the most likely to experience a ransomware event. Exposed databases were also targeted, and companies using End-of-Life (EOL) versions of databases were three times more likely to experience a ransomware claim.

Addressing the challenges, the report urged organizations to embrace an array of sources including CVSS, KEV, and security advisories for vulnerability patch management. It also emphasized the importance of implementing a managed detection and response (MDR) service, as businesses with MDR in place have a 50% faster median time to respond (MTTR), significantly lowering the impact of cyber incidents.
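As an added illustration of the multi-source approach the report recommends, the following example (not Coalition’s code or the report’s method) ranks findings by known exploitation (KEV membership), internet exposure, end-of-life status and, only then, CVSS base score. The ordering rule, the tier thresholds, the asset names and the CVE identifiers are all constructed for this example.

```python
"""Illustrative vulnerability prioritizer combining several signals.

Added example, not Coalition's code or the report's method. Assumes a
findings list where each item already carries a CVSS base score, a flag
for CISA KEV membership, and asset-level context (internet exposure,
end-of-life software). All sample data below is constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    cve: str                 # placeholder identifiers only, e.g. "CVE-0000-0001"
    asset: str               # hypothetical asset name
    cvss: float              # CVSS base score, 0.0-10.0
    in_kev: bool             # listed in CISA's Known Exploited Vulnerabilities catalog
    internet_exposed: bool   # service reachable from the internet (e.g. RDP, a database port)
    eol_software: bool       # affected product is past end-of-life (no vendor patches coming)


def priority_key(f: Finding) -> Tuple[int, int, int, float]:
    """Sort key: known exploitation first, then exposure, then EOL, then CVSS.

    Tuples compare element by element, so a KEV-listed medium-severity bug on
    an exposed host outranks an unexposed CVSS 9.8 that nobody is exploiting.
    This ordering is an assumption of the example, not a published standard.
    """
    return (int(f.in_kev), int(f.internet_exposed), int(f.eol_software), f.cvss)


def tier(f: Finding) -> str:
    """Coarse patch-window bucket derived from the same signals (assumed thresholds)."""
    if f.in_kev and f.internet_exposed:
        return "P1"   # actively exploited and reachable: patch or isolate first
    if f.in_kev or (f.internet_exposed and f.cvss >= 7.0):
        return "P2"
    if f.cvss >= 7.0 or f.eol_software:
        return "P3"   # EOL lands here because no patch will ever arrive; plan replacement
    return "P4"


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=priority_key, reverse=True)


# Constructed sample inventory; CVE ids are placeholders, not real identifiers.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", "fileserver-01", 9.8, False, False, False),
    Finding("CVE-0000-0002", "rdp-gateway", 7.5, True, True, False),
    Finding("CVE-0000-0003", "legacy-db", 6.5, False, True, True),
    Finding("CVE-0000-0004", "hr-laptop", 5.3, False, False, False),
    Finding("CVE-0000-0005", "build-agent", 8.1, True, False, False),
]


def ranked_ids(findings: List[Finding] = SAMPLE_FINDINGS) -> List[str]:
    """CVE ids in patch order, most urgent first."""
    return [f.cve for f in prioritize(findings)]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{tier(f)}  {f.cve:14s} {f.asset:14s} cvss={f.cvss:4.1f} "
              f"kev={f.in_kev} exposed={f.internet_exposed} eol={f.eol_software}")
```

Run as a script, the highest CVSS finding (an unexposed 9.8) lands fourth, behind the KEV-listed exposed RDP gateway, the KEV-listed build agent and the exposed end-of-life database. That is the point the report makes: a severity score alone says little about which hole an attacker is actually walking through.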

Looking ahead to 2024, the report warned about the increased risk from Ivanti Connect Secure VPN and Fortinet SSL VPN products, as well as on-premises Microsoft Exchange servers. It emphasized the need for organizations to monitor these technologies closely to mitigate potential threats.

Overall, Coalition’s “Cyber Threat Index 2024” shed light on the pressing need for improved vulnerability scoring and prioritization systems to help enterprises effectively manage and prioritize patching efforts. With the increasing number of disclosed vulnerabilities and the growing threat of exploitation, organizations must stay vigilant and be proactive in securing their systems to mitigate the risk of cyber incidents.
