Author: Cisco Secure, Secure360 Diamond Sponsor
March 31, 2023
Cybercriminals are upping the ante. A new era of cyberwarfare began when Russia launched devastating attacks on Ukraine at the start of 2022, and hackers everywhere took advantage of the ensuing disruption. And analysts are anticipating more grisly trends. Gartner’s predictions for the next few years are just as alarming. By 2025, bad actors are predicted to have weaponized operational technology to harm—or even kill—humans.
Beyond the digital battlefield, cyberwarfare poses a sobering reality for businesses. Nearly nine in ten organizations believe they have been targeted by a nation-state cyber organization, blurring frontlines ever more. As attacks advance, connectivity increases, and hybrid workforces grow, businesses struggle to manage insurmountable numbers of vulnerabilities and reduce corporate risk.
Today’s vulnerable cyberworld and the threatening future that lies ahead may make you hesitant to take decisive action, but staying ahead of potential threats is crucial. Keeping valuable assets secure today and through the future is a top priority for businesses facing evolving threats. And as the threat landscape expands, organizations are looking to make fast, informed decisions to prioritize the risks that matter most in their environment. We’ll explore just how to do that.
Rising above the flood of CVEs
One way security teams keep informed is by tracking Common Vulnerabilities and Exposures (CVE) data. The rising annual volume of published CVEs has been breaking records since 2017, and 2022 was no exception. Nearly 25% more CVEs were published in 2022 than in 2021, totaling 25,093. Many factors are prompting this steady climb in vulnerabilities, chief among them: expanding attack surfaces, more complex environments, inflated connectivity, sophisticated attacks, and a booming hybrid workforce.
Let’s be real: tracking, assessing, and remediating over 25,000 CVEs every year (and counting) just isn’t feasible. The good news is that the vast majority of published vulnerabilities don’t require your attention. The Prioritization to Prediction, Volume 8 report, which features real-world vulnerability intelligence gathered and analyzed by Kenna Security (now Cisco) and the Cyentia Institute, found that just over 4% of published vulns represent a real risk to organizations. That number may seem more approachable, but identifying and prioritizing which vulns are in those 4% is keeping remediation teams on their toes.
It’s clear the volume of vulnerabilities is surging, yet on average, organizations can only address about 15% of the open vulnerabilities in their environment—and 16% are left open for more than a year. With limited remediation capacity and rising volume, expanding capacity may seem like the right solution. But our research found improving your vulnerability prioritization strategy to be far more effective than increasing capacity for reducing exploitability. Turns out, taking a proactive stance also improves your prioritization strategy.
Prioritizing a proactive security stance
When it comes to improving prioritization strategies and staying ahead, security professionals can choose between reactive and proactive strategies. Reactive security teams operate on the defense, focusing efforts on monitoring and responding to known threats to an organization’s environment, such as phishing, malware, or password attacks. In the event of an attack, a reactive security team executes a response plan to repel the attacker, then assesses and repairs damage.
On the opposite end of the spectrum, a proactive strategy prevents cyberattacks from happening in the first place. Instead of waiting for an attack to occur, a proactive stance builds security resilience with preventative security hygiene practices and prioritized remediation protocols backed by data science and real-world vulnerability intelligence. Proactive teams achieve a steady state of optimized remediation readiness, anticipating exploits and responding with precision and speed when attacks do occur.
Here’s how proactive teams operate before and after an inevitable breach:
Proactive teams before a breach:
- Practice preventative security hygiene
- Automate preventive and reactive workflows
- Test security systems with exploit predictive modeling
- Identify high-risk vulnerabilities in organizational context
- Predict and mitigate risks before attackers exploit them with vulnerability intelligence
Proactive teams after a breach:
- Make swift, data-backed decisions
- Allow automation to execute response plays
- Reduce incident response time and costs
- Spend time analyzing rather than containing threats
- Research and identify new threats to stay ahead of the game
To future-proof assets in treacherous times, taking a proactive stance holds firm because it:
- Manages risk. Proactive teams are always steps ahead of a crisis. By understanding the context of an organization’s assets, vulnerabilities can be prioritized for remediation by greatest true risk, unlike inflated and misinformed CVSS scores. Teams no longer exhaust themselves from chasing down threats as they occur. By focusing their efforts on mitigating risk, proactive teams drive down the risk cyberthreats pose to their business.
- Predicts and reacts to events. Instead of always reacting to security breaches, top-tier vulnerability management solutions take the offense by leveraging context-backed risk intelligence, predictive modeling, and machine learning to predict incidents before they happen and execute automated responses so teams can focus on the vulnerabilities that matter.
- Is context-rich. You can’t remediate everything—and you don’t have to either. When teams go risk-based, they’re able to focus efforts on prioritizing vulnerabilities that pose the greatest organizational risk. Modern vulnerability management platforms give the full picture from integrated applications and data feeds, and the most efficient solutions offer data-backed insights to drive risk-prioritized decision-making.
Vulnerability intelligence is the new currency
Security has historically meant building up defenses against potential attackers. Now, it’s about building security resilience so you can protect every aspect of your business by anticipating what’s next, responding quickly and confidently to changes and threats, and emerging from it stronger than before.
Vulnerability management is only as effective as the data driving its prioritization. This is why so many organizations have opted to evolve their approach to threats with context and data-rich prediction to better manage risk and build resilience. Proven risk-based vulnerability management solutions help teams prioritize and predict only those risks that pose a threat to their business. Those organizations choose a proactive strategy because they know threat actors are just as proactive.
See you at Secure360
If you’re headed to Prior Lake this May, be sure to drop by the Cisco booth (#102) to see what’s in the works for the future of security and risk-based prioritization.
While you’re at it, keep these sessions on your radar for even more insight into how you can future-proof your vulnerability management:
- The CVE Explosion and How Cisco Can Save You
  - Tuesday, May 9 at 9:45 AM CT
  - With 26,448 CVEs published in 2022 and 10% growth expected in 2023, your ability to prioritize all these vulnerabilities is at risk. This session reveals the latest global data and how you can leverage Cisco Vulnerability Management (formerly Kenna Security) to reduce risk faster and prioritize only what matters most.
- Vulnerability Intelligence for All: Say Goodbye to Data Gatekeeping
  - Wednesday, May 10 at 11:15 AM CT
  - Vulnerability management is only as effective as the data driving its prioritization, but critical disparate threat feeds are just out of reach for many. Discover how Cisco Vulnerability Management consolidates the industry’s richest threat intelligence so teams can accelerate their vulnerability management maturity and make better decisions, faster.