How to Protect Your Business Against Today’s Security Vulnerabilities

By Bill Doerrfeld | October 5, 2022 (Updated: August 4, 2023) | 5 Mins Read
In the last few years, the tech industry has experienced a massive uptick in vulnerabilities. This increase is partly due to new software supply chain disruptions and risks in widely used open-source packages. Even as sophisticated attacks emerge daily, hackers continue to leverage older, known, and unpatched vulnerabilities to wreak havoc on insecure systems.

Trustwave recently released an interesting report titled “Decade Retrospective: The State of Vulnerabilities.” The report reviews the major exploits of the 10-year span between 2011 and 2021. As the data shows, risks concerning web-based applications have dominated the last decade. Additionally, medium-severity vulnerabilities have risen exponentially since 2017.

Below, I’ll highlight the report’s key takeaways and consider how organizations can use this knowledge to better arm themselves against future threats. We’ll also revisit the top 10 most significant vulnerabilities from the last decade and anticipate what the coming decade will hold.

Summarizing 10 Years of Vulnerabilities

The National Institute of Standards and Technology (NIST) operates the comprehensive National Vulnerability Database (NVD), which showcases a severity distribution of software vulnerabilities from 2000 to the present day. The NVD data shows a consistent overall trend of increasing vulnerabilities throughout the last decade, with a spike in 2017 and a hockey-stick growth since.

Figure: The National Vulnerability Database showcases a severity distribution of software vulnerabilities from 2000 to the present day.

If we turn to data produced by Exploit Database, we can see that vulnerabilities have specifically targeted web applications over the past decade. Web application vulnerabilities outnumber the DoS, local, and remote attack types.

Another source, Common Weakness Enumeration (CWE), continually lists cross-site scripting (XSS) as a staple vulnerability. This is consistent with other research, which marks XSS as a top web application risk, followed by cross-site request forgery (CSRF), SQL injection (SQLi), server-side request forgery (SSRF), local file inclusion (LFI), and remote code execution (RCE), among others.

The 10 Most Significant Exploits of the Last Decade

Exploits can cause significant damage to a company’s reputation and lead to hefty financial losses. IBM’s “Cost of a Data Breach Report,” now in its 17th year, found the average data breach cost to be $4.35 million in 2022, up more than 12 percent from two short years ago. Over the past decade, certain vulnerabilities plagued the industry more than others. In their retrospective, Trustwave listed these top 10 exploits:

  1. SolarWinds Hack
  2. EternalBlue exploit
  3. Heartbleed
  4. Shellshock
  5. Apache RCE and Equifax breach
  6. Meltdown
  7. BlueKeep
  8. Drupalgeddon
  9. Sandworm
  10. Ripple20

To add to this list, the Apache Log4j vulnerability, a remote code execution (RCE) risk discovered in late 2021, is estimated to affect upwards of 3 billion devices. Permutations of the vulnerability continue to emerge — for example, Spring4Shell has been found to be similarly devastating under the proper conditions.

Why Unpatched Vulnerabilities Persist

Surprisingly, attackers continue to exploit known vulnerabilities in the wild — fixes and patches are usually available but are often not utilized by all clients. As a result, there are still many vulnerable, publicly exposed servers on the Internet. So, why does this problem continue? According to the Trustwave retrospective, unpatched vulnerabilities likely persist, in part, due to a lack of knowledge. Organizations may not have the proper security observability to monitor all their services. Without a complete inventory of an enterprise’s software footprint, auditing every piece of potentially vulnerable code can be difficult.

Another reason vulnerabilities might persist is a slow reaction time to zero-day exploits. The Project Zero team at Google found that software vendors take, on average, 15 days to patch a vulnerability that is being used in active attacks. Depending on the type of exploit, this could be ample time for bad actors to discover the vulnerability and take action against unpatched victims. Then, of course, there is the time between a patch release and the client implementing the fix. Studies estimate that it takes two months, on average, for an organization to patch known critical risks. This delay is possibly extended out of fear of the patch interrupting the company’s workflow.
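The two causes described above, a missing software inventory and the roughly two-month gap between a fix shipping and a client applying it, are the kind of thing a simple inventory check can surface. The following added example (not from the article or from Trustwave) compares a constructed inventory against constructed vendor advisories, reports every asset still below the fixed version, and flags any whose fix has been available longer than 60 days; all package names, versions, hosts and dates are made up.

```python
"""Constructed inventory-vs-advisory check; package names, versions,
hosts and dates are invented for illustration."""
from datetime import date
from typing import List, NamedTuple, Tuple

class Advisory(NamedTuple):
    package: str
    fixed_version: str    # first version that contains the fix
    patch_released: date  # day the vendor shipped the fix

class Asset(NamedTuple):
    host: str
    package: str
    version: str

def parse_version(v: str) -> Tuple[int, ...]:
    """Split '2.17.1' into (2, 17, 1) so versions compare numerically,
    not as strings (string comparison would rank '2.9' above '2.17')."""
    return tuple(int(part) for part in v.split("."))

def is_vulnerable(asset: Asset, adv: Advisory) -> bool:
    """An asset is exposed if it runs the advisory's package below the fixed version."""
    return (asset.package == adv.package
            and parse_version(asset.version) < parse_version(adv.fixed_version))

def unpatched_report(assets: List[Asset], advisories: List[Advisory],
                     today: date, overdue_after: int = 60) -> list:
    """Return (host, package, version, days_fix_available, overdue) for every
    exposed asset; 'overdue' marks fixes older than the two-month average the
    article cites (default 60 days)."""
    findings = []
    for asset in assets:
        for adv in advisories:
            if is_vulnerable(asset, adv):
                days = (today - adv.patch_released).days
                findings.append((asset.host, asset.package, asset.version,
                                 days, days > overdue_after))
    return findings

# Constructed sample data: two advisories, four hosts, a fixed "today".
ADVISORIES = [Advisory("libexample", "2.17.1", date(2022, 8, 1)),
              Advisory("webfw", "5.3.0", date(2022, 9, 20))]
ASSETS = [Asset("web-01", "libexample", "2.15.0"),
          Asset("web-02", "libexample", "2.17.1"),
          Asset("api-01", "webfw", "5.2.9"),
          Asset("db-01", "webfw", "5.3.2")]
TODAY = date(2022, 10, 5)

if __name__ == "__main__":
    for host, pkg, ver, days, overdue in unpatched_report(ASSETS, ADVISORIES, TODAY):
        flag = "OVERDUE" if overdue else "open"
        print(f"{host}: {pkg} {ver} below fixed version; fix available {days} days ({flag})")
```

Feeding the same function a real inventory (from a package manager export or an SBOM) and real advisory data gives the "complete inventory" view the report says many organizations lack.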

It’s always good to take a retrospective after a single security incident. The same thinking applies to broader trends throughout the industry. These vulnerability trends we’ve witnessed throughout the previous decades will undoubtedly inform the future of cybersecurity efforts. Storied attack types will continue to threaten organizations as new, more nuanced vulnerabilities introduce themselves alongside novel technology adoption.

Armoring Up for the Next Decade of Zero Days

Looking to the next decade, companies should prepare for a new class of zero-day exploits. For example, the adoption of a new cloud-native stack is currently underway throughout most enterprises. While containers, Kubernetes, and other cloud-native architectures excel at elasticity and reliability, they carry the potential for misconfigurations, broken access control, leaked secrets, and other novel cloud-native threats. One minor leak in the cloud infrastructure could expose it to a wide attack surface, leaving an organization prone to ransomware or cryptojacking.

Increased work-from-home policies also invite new frailties concerning remote access, forcing CISOs into a careful balancing act between flexibility and security. In this new paradigm, zero-trust architecture has emerged to treat all request patterns with the same level of scrutiny, whether they come from an internal employee or an external user.

Simultaneously, open data and application programming interfaces (APIs) are on the rise, underpinning the need for tight access control to avoid breaking the rule of least privilege. To protect today’s interconnected mesh of services, some are turning to artificial intelligence to scan requests for bad actors. In this way, systems could automatically prevent those with malicious intent from performing reconnaissance and introspection.

To sum up, the findings from these reports reinforce the need to patch compromised servers, use active threat monitoring, and prepare for quick responses to future zero-day exploits.
Bill Doerrfeld
Bill Doerrfeld, an Acceleration Economy Analyst focused on Low Code/No Code & Cybersecurity, is a tech journalist and API thought leader. Bill has been researching and covering SaaS and cloud IT trends since 2013, sharing insights through high-impact articles, interviews, and reports. Bill is the Editor in Chief for Nordic APIs, one of the most well-known API blogs in the world. He is also a contributor to DevOps.com, Container Journal, Tech Beacon, ProgrammableWeb, and other outlets. He's originally from Seattle, where he attended the University of Washington. He now lives and works in Portland, Maine. Bill loves connecting with new folks and forecasting the future of our digital world. If you have a PR, or would like to discuss how to work together, feel free to reach out at his personal website: www.doerrfeld.io.