A recent joint cybersecurity advisory from U.S and allied cybersecurity authorities identified the top exploited vulnerabilities and exposures (CVEs) of last year. Out of the 15 vulnerabilities that made the list, which we’ve placed below, it is interesting to see 11 of the 15 are from 2021. There are 4 other vulnerabilities identified in 2020 and earlier that are routinely exploited – an obvious sign that organizations aren’t patching systems in a timely manner and remain exposed to those threats.
Within the advisory, it was noted that the speed and scale of malicious actors taking advantage of new vulnerabilities has increased. So it is of critical importance that organizations are taking action to address new vulnerabilities as soon as they are disclosed.
There may be reasons why organizations aren’t taking immediate action, but the risk acceptance leaves those organizations open to exploit.
Source: 2021 Top Routinely Exploited Vulnerabilities, https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
In light of the new advisory, here are a few reminders of how you can reduce your organization’s cyber risk:
If your organization needs help identifying any of the vulnerabilities on the list, please reach out to us for a free cyber risk assessment.