2016 State of Vulnerability Risk Management

Explore the 2016 threat landscape and walk away with practical action items to help you boost your vulnerability risk management

Our NopSec Labs Team has been busy these past few months meticulously gathering and analyzing public and anonymized client vulnerability data to present this year’s State of Vulnerability Risk Management Report.

Some of Our Findings:

  • The CVSS Impact Sub-score – It’s common knowledge that the CVSS Score in isolation is not enough when prioritizing vulnerabilities, but its Impact sub-score, combined with other factors such as social media trends and data feeds, can actually give us better risk prioritization information. (Scoring a majority of vulnerabilities a 9 or a 10 makes it impossible to prioritize, after all.)
  • Social media is a rising star in the infosec industry – According to Recorded Future, social media is now a top POC dissemination platform (with code repositories a distant second), and Twitter is ahead of the pack. To date, NopSec’s Unified VRM is the only vulnerability risk management platform in the industry that fully incorporates Twitter data into its risk ranking evaluation.
  • Eyes on the prize – At first glance, you would think that unethical hackers would take the easy route. However, the report found that attackers focus on the results rather than the ease of work involved. A key takeaway: know the value of your digital assets and protect them accordingly. If an asset is valuable enough, motivated attackers will attempt to acquire it regardless of how easy or hard it is to exploit your IT environment.
  • Unethical Hackers are Keeping Pace – With all the great strides the cybersecurity industry has made to protect digital assets, it is to be expected that attackers will grow and adapt to them. Exploit kits such as Angler and Nuclear are becoming increasingly sophisticated, and are aimed at major vendors such as Microsoft and Adobe.

This is just an overview, and we invite you to explore the report in more detail by downloading a copy using the link below. We also have an on-demand webinar that helps you make the most of the report. Reach out to us anytime should you have any questions!