cyber
TRENDS
Derek Manky , Chief Security Strategist and Global VP Threat Intelligence , FortiGuard Labs
Key findings from the second half of 2023 include :
• Attacks started on average 4.76 days after new exploits were publicly disclosed : Like the 1H 2023 Global Threat Landscape Report , FortiGuard Labs sought to determine how long it takes for a vulnerability to move from initial release to exploitation , whether vulnerabilities with a high Exploit Prediction Scoring System ( EPSS ) score get exploited faster and whether it could predict the average time-to-exploitation using EPSS data . Based on this analysis , the second half of 2023 saw attackers increase the speed with which they capitalised on newly publicised vulnerabilities ( 43 % faster than 1H 2023 ). This shines a light on the need for vendors to dedicate themselves to internally discovering vulnerabilities and developing a patch before exploitation can occur ( mitigate instances of 0-Day vulnerabilities ). It also reinforces that vendors must proactively and transparently disclose vulnerabilities to customers to ensure they have the information needed to effectively protect their assets before cyberadversaries can exploit N-day vulnerabilities .
• Some N-Day vulnerabilities remain unpatched for 15-plus years : It ’ s not just newly identified vulnerabilities that CISOs and security teams must worry about . Fortinet telemetry found that 41 % of organisations detected exploits from signatures less than one month old and
WWW . INTELLIGENTCISO . COM 19