The number of publicly disclosed information security issues will increase dramatically next year, according to a report released Wednesday by the Executive Public Agency Alliance Inc.
The number of common vulnerability exposures, a database of these incidents maintained by the National Cybersecurity Federally Funded Research and Development Center, is expected to increase to more than 1,900 CVEs per month, including 270 considered “high severity.” 155 is considered “critical-severity,” according to the report.
This will increase the average monthly critical incidents by 13% from 2022 onwards, according to the Cyber Threat Index 2022 report.
Email addresses and passwords continue to top the list of information lost due to data breaches, the report said.
It says that Remote Desktop Protocol is “by far” the most common remote scanning protocol used by attackers, and that RDP scanning traffic is the most prevalent.
“This means that attackers are still accessing systems using older protocols with new vulnerabilities such as RDP, which is why patching these quickly is critical,” the report said.
The alliance said it compiled its report based on critical information gathered from underwriting and claims practices and from web scans of 5.2 billion Internet protocol addresses.
The company said in a statement that it recommends companies and their security and IT teams prioritize applying software updates within 30 days of a patch release and follow regular update cycles for vulnerabilities in older software to prepare for this year’s threats.