Introduction
Tenable®, the exposure management company, has released a research report titled “The Critical Few: How to Expose and Close the Threats that Matter” that identifies the key exposure points within organisations and outlines actionable steps to mitigate potential cyber threats that could endanger business operations.
The History
Over the past two decades, Tenable has collected and analysed approximately 50 trillion data points related to over 240,000 vulnerabilities. From this extensive dataset, Tenable developed a methodology revealing that only 3% of these vulnerabilities frequently result in significant exposure risks.
With cybersecurity teams overwhelmed by vast amounts of fragmented threat intelligence and vulnerability data, Tenable conducted this study to help these teams shift toward a proactive defence strategy, focusing on eliminating the most dangerous threats.
The Scoring
The study leveraged the Vulnerability Priority Rating (VPR) model, which Tenable developed to reflect the current threat landscape. VPR values range from 0.1 to 10, with higher values indicating a greater likelihood of exploitation.
Vulnerabilities with a VPR above 9.0 are likely to be exploited if exposed, making them high-priority targets. In contrast, those with VPRs between 7.0 and 8.9 present a moderate risk, while medium and low categories (0.1 to 6.9) are less likely to be exploited.
For example, on June 2, 2024, the study analysed nearly 240,000 vulnerabilities and found that only 3.1% of them, fewer than 7,500, were classified as Critical or High.
Key Take-aways
“As cyber threats continue to evolve, it is critical for ANZ organisations to adopt a proactive cyber strategy that identifies and mitigates vulnerabilities before they can be exploited,” said Scott McKinnel, Country Manager Australia and New Zealand, Tenable.
“Our latest research shows that keeping an eagle eye on the smallest of vulnerabilities can protect organisations from significant business risks. By implementing exposure management and prioritising critical threats, both public and private sector organisations will always be one step ahead in safeguarding their vital assets.”
“Without context, every vulnerability, patch, and update becomes a priority, making it nearly impossible to keep all systems up to date,” said Arthur Capella, Country Manager, Tenable Brazil. “It’s essential to implement exposure management to prioritize what truly poses a risk to the business in a clear manner. All stakeholders must understand these risks and focus on actively preventing those that could lead to exploitation,” he added.
The full report, “The Critical Few: How to Expose and Close the Threats that Matter,” is available here.