2024 report includes industry-by-industry
breakdown and analysis of vulnerabilities
REDWOOD
CITY, Calif., June 20,
2024 /PRNewswire/ -- Synack, the premier
security testing platform, today released its second annual State
of Vulnerabilities report, which combines hundreds of thousands of
hours of penetration testing and an analysis of over 14,000
exploitable vulnerabilities to give a direct look at severity,
volume and remediation trends of software flaws across
industries.
"Understanding your attack surface and how successful
exploitation of vulnerabilities could impact your organization is
crucial to making smart security and business decisions," said
Jay Kaplan, CEO and co-founder of
Synack. "We're proud to release Synack's second annual State of
Vulnerabilities Report to help organizations in the healthcare,
financial services, federal government, technology and
manufacturing sectors understand what vulnerabilities they're up
against and how they can stay one step ahead of attackers. We're
seeing a lot of reasons to be optimistic, but that doesn't mean the
threat is diminishing."
Critical-severity vulnerabilities rise, but remediation times
improve
The Synack Red Team (SRT), a community of the
world's most trusted and skilled ethical hackers, found that
across industries, customers saw a higher share of
critical-severity vulnerabilities in 2023 than in 2022, and a
slight reduction in high-severity vulnerabilities. Despite mounting
pressures on security teams, organizations cut their mean
time to remediation for critical-severity vulnerabilities by 24
days and for high-severity vulnerabilities by 18 days, down to 56 and
74 days, respectively.
However, the report found the same categories of
vulnerabilities persisting year after year, most notably injection
flaws, which were highlighted in a recent Secure by Design Alert
from the Cybersecurity and Infrastructure Security Agency. The
healthcare and technology sectors both saw an increase in SQL
injection, and injection flaws including cross-site scripting (XSS)
accounted for roughly a third of all vulnerabilities Synack
discovered in 2023.
Industry-by-industry breakdown
Synack's report reveals
key findings for top-ranking vulnerabilities and remediation times
for the healthcare, financial services, federal government,
technology and manufacturing sectors.
Below are some of the key trends identified when looking across
the five industries:
- On average, healthcare companies had more than 5,400
subdomains, 1,500 web applications and 1,400 IP addresses publicly
exposed – the biggest attack surface of any industry vertical
reviewed.
- Of the vulnerabilities found, nearly 1,900 were SQL injections
rated as critical or high severity.
- Injection flaws magnified sectors' weaknesses. On average,
financial services companies took 53 days to remediate SQL
injection vulnerabilities, technology companies took 57 days and
healthcare companies took just 45 days.
The report draws on data from security assessments carried out
on Synack's global customer base and aligns with vulnerability
categories in the OWASP Top 10 standard awareness document. The
1,500+ members of the SRT collectively spent over 27,000 days
testing Synack customer assets last year, including cloud,
application programming interface, AI large language model (LLM),
web application, host infrastructure and mobile attack
surfaces.
To read the full report, please visit:
https://go.synack.com/state-of-vulnerabilities-2024
About Synack
Synack's premier security testing
platform harnesses a talented, vetted community of security
researchers and smart technology to deliver continuous penetration
testing and vulnerability management, with actionable results. We
are committed to making the world more secure by closing the
cybersecurity skills gap, giving organizations on-demand access to
the most trusted security researchers in the world. Headquartered
in Silicon Valley with regional teams around the world, Synack
protects a growing list of Global 2000 customers and U.S. agencies
in a FedRAMP Moderate Authorized environment. Synack's
comprehensive approach to Pentesting as a Service (PTaaS) uncovered
more than 14,000 exploitable vulnerabilities in 2023 alone. For
more information, please visit www.synack.com.
View original content to download
multimedia: https://www.prnewswire.com/news-releases/second-annual-synack-state-of-vulnerabilities-report-uncovers-spike-in-severity-progress-in-remediation-302177388.html
SOURCE Synack