A new report from cybersecurity management platform company Skybox Security Inc. today details an increased need for organizations to adopt exposure management practices amid an alarming increase in new vulnerabilities. 

The company’s 2023 Vulnerability and Threat Trends Report leads with the finding that there were 24,096 new vulnerabilities discovered in 2022, a 25% increase in the total number of new vulnerabilities found versus 2021.

The growth is the largest recorded since 2017, highlighting that vulnerabilities are not just rising, but rising at a faster rate. The increase last year brought the number of vulnerabilities published in the previous ten years to 192,051 — a threefold increase over a decade. 

The report found that most vulnerabilities reported in 2022: Some 80% were of medium or high severity. Only 16% were deemed critical, although the report notes that severity does not always correlate with risk, since threat actors often exploit less severe weaknesses to infiltrate a system and escalate attacks. The findings are said to underscore the importance of risk assessments that evaluate multiple factors beyond severity, such as exploitability, exposure, asset importance and potential business impact.

Skybox proposes continuous exposure management as a viable solution to navigate cybersecurity’s growing complexity better. The approach involves taking a holistic view of the attack surface, maintaining constant visibility, identifying a wide range of exposures, assessing risk, and prioritizing and automating responses to mitigate threats efficiently.

“2022 was a record-setting year for vulnerabilities, indicating that attacks are escalating in both speed and impact,” Ran Abramson, threat intelligence analyst at Skybox Research Lab, said before the report’s release. “Given the overwhelming number of vulnerabilities, cybersecurity teams need to transition away from reactive methods and embrace continuous exposure management.”

Moreover, he said, economic pressures and ongoing cybersecurity talent shortages make continuous exposure management a cost-effective approach. “By adopting this proactive approach, teams with limited resources can avoid overloading and concentrate  on the risks that matter to their business,” he said.

Skybox Security was last in the news in February when it raised $50 million in new funding and announced the appointment of security expert Mordecai (Mo) Rosen as its new chief executive. Investors include CVC Capital Partners SICAV-FIS S.A., JP Morgan Chase & Co., Pantheon Ventures (UK) LLP, PSG Equity LLC and Adams Street Partners LLC.

Image: Skybox Security