It was a "record-breaking year" for common vulnerabilities and exposures (CVEs) logged by security researchers in 2021, according to a National Vulnerability Database (NVD) analysis performed by Redscan, a Top 40 MDR (managed detection and response) provider.
Key findings from Redscan's analysis included:
- More security vulnerabilities have been disclosed in 2021 (at least 18,439) than in any other year to date.
- On average, more than 50 CVEs have been logged each day in 2021.
- 90 percent of CVEs discovered in 2021 can be exploited by cybercriminals with limited technical skills.
- 61 percent of CVEs require no user interaction to exploit.
- 55 percent of CVEs require no privileges to exploit.
- 54 percent of CVEs are classified as having "high" availability; cybercriminals can readily access and exploit these vulnerabilities.
- 53 percent of CVEs have a high confidentiality rating.
Cybercrime and security vulnerabilities are constantly evolving, and security teams are struggling to keep pace, Redscan Head of Threat Intelligence George Glass said. However, security teams that plan ahead are well-equipped to combat cybercrime and guard against current and emerging vulnerabilities.
Tips to Protect Against CVEs
Security teams must have controls in place to detect and respond to CVEs in their early stages, Glass indicated. That way, they can mitigate these vulnerabilities and exploits before they can cause severe damage.
In addition, patch management is paramount, Glass pointed out. Security teams that install patches and keep their software up to date can ensure that cybercriminals cannot exploit security gaps to launch cyberattacks.
Furthermore, organizations can use the NVD to track new CVEs. They also can partner with MSSPs to find ways to protect against CVEs and optimize their security posture.