Malware Remains Top Cause of Cybersecurity Incidents
Malware was responsible for 40 percent of confirmed cybersecurity incidents in 2022, as measured by Orange Cyberdefense and detailed in a recent report. According to the Security Navigator 2023 report, "Network & Application Anomalies" was the second-highest incident type at 19 percent, followed by "System Anomalies" at 11.5 percent.
The report also states that "large" organizations (>10,000) had five times more confirmed incidents than small or medium-sized organizations. "In total large organizations were responsible for 72 percent of the confirmed incident count in 2022."
The free, 64-page report details threats by type, industry vertical, and geographic region, along with responses and insight about how to protect your organization. This information, says Laurent Célérier, helps "identify the underlying trends that are being confirmed (for example, the untenable pressure of vulnerabilities, with an average patching time that we observe to be 215 days), the technical and geographical evolutions (particularly in terms of ransomware), but also to study the scope and impact of the major events that marked the past year, whether geopolitical (war in Ukraine) or technical (Log4j crisis)."
Specifically, the report's vulnerability scan data shows that:
- 28% of all findings are addressed in less than 30 days.
- 72% of all findings take 30 days or more to patch.
- 52% of all findings take 90 days or more to patch.
- The average age of findings is 215 days.
Regarding vulnerability management, the report also notes that "an average of 50 new vulnerabilities are discovered every day so … it's impossible to patch them all." What's important, says Mélanie Pilpré, is "focusing on the real risk using vulnerability prioritization to correct the most significant flaws and reduce the company's attack surface the most."