2023 QUALYS TRURISK RESEARCH REPORT

In 2022, the Qualys Threat Research Unit (TRU) detected more than 2.3 billion anonymized vulnerabilities around the globe to bring you industry-bending insights collected and curated within the 2023 Qualys TruRisk Threat Research Report.

In this Report, Qualys explores the most common ways adversaries exploit vulnerabilities and render attacks. With analysis performed by TRU throughout 2022, this report provides security teams with data-backed insights that help them gain victory without battle now and into the future.

Download The 2023 TruRisk Threat Research Report to better understand your organization's cybersecurity needs and how to better communicate threat data to executives and leaders who might need help understanding cybersecurity within a cyber risk context.

Key findings and risk facts within the report are:

1. Speed is the key to outmaneuvering adversaries

On average, weaponized vulnerabilities are patched within 30.6 days, yet they are patched only 57.7% of the time. These same vulnerabilities are weaponized by attackers in 19.5 days on average. This means that attackers have 11.1 days of exploitation opportunities before organizations begin patching.

2. Automation is the difference between success and failure

The mean time to remediation of weaponized vulnerabilities related to Chrome or Windows is 17.4 days, with an effective patch rate of 82.9%. Windows and Chrome are patched twice as fast and twice as often as other applications.

3. Initial Access Brokers (IABs) attack what organizations ignore

IAB vulnerabilities have a mean time to remediation of 45.5 days, compared to 17.4 days for Windows and Chrome. Patch rates are also lower: 68.3%, compared to 82.9% for Windows and Chrome.

4. Misconfigurations in web apps are the biggest source of PII exposure

This report includes anonymous detections in 2022 from the Qualys Web Application Scanner, which globally scanned 370,000 web applications and correlated data against the OWASP Top 10. The scans revealed more than 25 million vulnerabilities, 33% of which were classified as OWASP Category A05: Misconfiguration.

5. Infrastructure misconfigurations open the door to ransomware

Misconfigurations - errors that are unintended actions by an internal party - make up a large part of weaknesses in web applications and are one of the top reasons for data breaches.

Download this year's report to learn:

  • Common ways adversaries exploit vulnerabilities to render attacks.
  • Data-backed insights that help you secure your organization from cyber risk.
  • How to better communicate threat data to executives and leaders.