Experts Predict Record 20,000 CVEs for 2020

Written by

This year could see a record breaking 20,000 vulnerabilities reported, with major increases in mobile bugs already in 2020, according to Skybox Security.

The security vendor’s midyear update to its 2020 Vulnerability and Threat Trends Report contains some concerning findings for organizations as they struggle to manage cyber-risk at a time of mass remote working.

With 9000 vulnerabilities reported in the first half of the year, the firm is predicting the final total for 2020 could top twice as much as that. The figure for new CVEs in 2019 was 17,304. Without risk-based automated patch management systems, organizations struggle to mitigate these issues, leaving them exposed to attacks.

Part of this increase is due to a surge in Android OS flaws: these increased 50% year-on-year, according to Skybox.

“This rise has come at the same time as home networks and personal devices increasingly intersect with corporate networks as a result of the move towards a mass, remote workforce,” the report claimed.

“These trends should focus the need for organizations to improve access controls and gain visibility of all ingress and egress points to their network infrastructure.”

The report also revealed an increase in new ransomware variants of 26% year-on-year in the first half of 2020, leading the way ahead of Trojans (23%), botnets (21%), backdoors (15%) and RATs (15%).

The firm claimed to have monitored 77 new ransomware campaigns in the first few months of the pandemic as cyber-criminals sought to take advantage of unpatched systems, distracted workers and overwhelmed IT teams.

“COVID-19 has completely reshaped the way that organizations and their employees work. With the majority of the workforce now working remotely, the network perimeter has significantly widened – securing this perimeter now needs to be a top strategic priority,” argued Ron Davidson, VP of R&D and CTO of Skybox Security.

“Organizations need to be able to identify the flaws that sit within both personal and professional devices. They also need to be able to model their expanded network so that they can understand all potential attack vectors.”

What’s hot on Infosecurity Magazine?