Skybox Security has announced the release of its 2021 Vulnerability and Threat Trends Report. Skybox Research Lab uncovered a massive increase in cyber threats globally year-over-year fueled by both the pandemic and expanding attack surfaces.
Skybox Research Lab key findings
- New malware samples nearly doubled: New ransomware samples increased 106% year-over-year. Trojans increased 128%, with threat actors using trojans to exploit lower-severity vulnerabilities. Sophisticated, multi-staged attacks and malware-as-a-service have become the norm.
- Vulnerabilities hit a new high: Skybox Research Lab reported 18,341 new vulnerabilities in 2020. To stay ahead of attacks, security and risk leaders need sophisticated insights into which vulnerabilities are high-risk and remediation options for all assets, including non-patching options.
- Critical infrastructure has never been more vulnerable: Operational technology (OT) vulnerabilities increased 30% year-over-year. To identify and remediate critical attack vectors ahead of incidents, security programs need to evolve. Security posture management must expand from IT to OT environments.
- Industry 4.0 spreads supply chain risks: Industrial Internet of Things (IIoT) flaws increased 308% year-over-year. A single IIoT device frequently ships with parts from dozens of manufacturers, lacking supply chain transparency. Companies must consider modeling, risk and attack vectors across organizational boundaries to address convergence between different networked environments.
“Security leaders face significant challenges, yet they are not impossible to overcome. Now is the moment when cybersecurity can come of age,” said Gidi Cohen, CEO and Founder, Skybox Security. “Together, we can zero in on what matters to outsmart attackers and overcome security’s most enduring challenges. Strong security posture management is a competitive advantage that can position companies for return to growth in a post-pandemic economy.”
This research underscores that traditional security strategies are no longer good enough. Prevention efforts must mature by creating a dynamic network model to visualize and assess security controls and network segmentation effectiveness. Security teams can then understand cyber exposure, prioritize vulnerabilities and determine the optimal remediation strategy.
“I’ve been saying scanners aren’t enough for years. Having that comprehensive model gives you the context that you need to stop attackers from being successful,” said Richard Stiennon, Security Analyst, IT Harvest. “Processes are then automated, so security practitioners immediately know what’s going to happen. That’s invaluable.”
To read the report, click here.