Edgescan, the provider of smart vulnerability management, today announces the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.
The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.
Edgescan found high rates of “known” (i.e. patchable) vulnerabilities that have working exploits in the wild. 57% of all the vulnerabilities are more than two years old, with as many as 17% being more than five years old. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.
Remote access exposures across the attack surface are a worrying trend and accounted for 5% of total attack surface exposures in 2021.
While the size of an organization bears little weight on MTTR, Edgescan observed significant differences across industries. Healthcare organizations (NAICS 62) – despite the extreme pressure they endured in the past two years – came out on top, with an MTTR of just 44 days. At the opposite end of the spectrum, the public administration sector (NAICS 92) took an average of 92 days to remediate known vulnerabilities – a month longer than the cross-industry average.
The findings in the report Edgescan 2022 Vulnerability Statistics Report are based on the data collected from tens of thousands of individual assets. The analyzed sample included over 40,000 web application and API assessments, 3 million Network Endpoint assessments, and circa 1000 penetration tests delivered in 2021 by the Edgescan team.
Organizations Take An Average Of 60 Days To Patch Critical Risk Vulnerabilities: Edgescan
Posted in Commentary with tags Edgescan on March 7, 2022 by itnerdEdgescan, the provider of smart vulnerability management, today announces the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.
The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.
Edgescan found high rates of “known” (i.e. patchable) vulnerabilities that have working exploits in the wild. 57% of all the vulnerabilities are more than two years old, with as many as 17% being more than five years old. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.
Remote access exposures across the attack surface are a worrying trend and accounted for 5% of total attack surface exposures in 2021.
While the size of an organization bears little weight on MTTR, Edgescan observed significant differences across industries. Healthcare organizations (NAICS 62) – despite the extreme pressure they endured in the past two years – came out on top, with an MTTR of just 44 days. At the opposite end of the spectrum, the public administration sector (NAICS 92) took an average of 92 days to remediate known vulnerabilities – a month longer than the cross-industry average.
The findings in the report Edgescan 2022 Vulnerability Statistics Report are based on the data collected from tens of thousands of individual assets. The analyzed sample included over 40,000 web application and API assessments, 3 million Network Endpoint assessments, and circa 1000 penetration tests delivered in 2021 by the Edgescan team.
Leave a comment »