Vulnerability and Threat Trends Report 2022

This content was originally published by Skybox Security and has been preserved here on tufin.com for posterity.

Record breaking vulnerabilities, rising OT security risks, and increasing exploits demand a new approach to vulnerability management.

Read report to:

Get insight into the rapid evolution of the threat landscape.
Learn why traditional vulnerability management tools are not good enough to prevent todays breaches.
Uncover the reasons why new cryptojacking and ransomware programs top Malware list in 2021.
See how Log4Shell spotlights supply chain risk.
Learn new ways to de-risk IT/OT convergence.
Find out why advanced cybersecurity risk scoring is essential for today’s attack surface management.
Get the blueprint for how organizations are shifting security programs from detect-and-respond to prioritize-and-prevent.

If the events of 2021 tell us anything about the state of cybersecurity, it’s that you can’t fight today’s battles with yesterday’s tools. The rapid evolution of the threat landscape has made past approaches to vulnerability management outmoded, if not downright archaic.

Our data, provided by the threat intelligence division of Skybox, paints a vivid picture of the new reality confronting CISOs and their teams. The findings reveal not only how vulnerabilities — especially in OT — are proliferating at an unprecedented rate, but how threat actors have gotten better and faster at capitalizing on them with a range of new malware and exploits.

A sample of the research findings include:

New vulnerabilities hit an all-time high

There were 20,175 new vulnerabilities published in 2021, up from 18,341 in 2020. That’s the most vulnerabilities ever reported in a single year, and it’s the biggest year-over-year increase since 2018.

OT vulnerabilities nearly double

Vulnerabilities in operational technology jumped 88%, from 690 in 2020 to 1,295 in 2021. At the same time, OT assets are increasingly connected to networks, exposing critical infrastructure and other vital systems to potentially devastating breaches.

Cryptojacking and ransomware lead new malware production

The malware industry continues to churn out a wide array of malicious software: crypto jacking and ransomware programs increased by 75% and 42%, respectively.

Threat actors are exploiting weaknesses faster

The number of new vulnerabilities exploited in the wild rose by 24%. That’s a sign of just how quickly cybercriminals are now moving to capitalize on new weaknesses, shrinking the window that security teams have to detect and address vulnerabilities before an attack.

As the insights shared in this report make clear, a reset is long overdue. Cybersecurity organizations must move beyond the status quo to a new generation of tools and techniques that flip the script from firefighting to prevention, from manual labor to automated efficiency, and from scattershot, short-term fixes to systematic, comprehensive, and continuous risk reduction.

Download the report to see the complete findings.

Firewall Management

Audit & Compliance

Cloud Network Convergence

Change Automation

By Industry

By Technology