PR Newswire

Second Annual Synack State of Vulnerabilities Report Uncovers Spike in Severity, Progress in Remediation

2024 report includes industry-by-industry breakdown and analysis of vulnerabilities 

REDWOOD CITY, Calif., June 20, 2024 /PRNewswire/ — Synack, the premier security testing platform, today released its second annual State of Vulnerabilities report, which combines hundreds of thousands of hours of penetration testing and an analysis of over 14,000 exploitable vulnerabilities to give a direct look at severity, volume and remediation trends of software flaws across industries.

Synack Logo

“Understanding your attack surface and how successful exploitation of vulnerabilities could impact your organization is crucial to making smart security and business decisions,” said Jay Kaplan, CEO and co-founder of Synack. “We’re proud to release Synack’s second annual State of Vulnerabilities Report to help organizations in the healthcare, financial services, federal government, technology and manufacturing sectors understand what vulnerabilities they’re up against and how they can stay one step ahead of attackers. We’re seeing a lot of reasons to be optimistic, but that doesn’t mean the threat is diminishing.”

Critical-severity vulnerabilities rise, but remediation times improve
The Synack Red Team (SRT), a community of the world’s most trusted and skilled ethical hackers, discovered that across industries, customers experienced a higher share of critical-severity vulnerabilities in 2023 than in 2022, and a slight reduction in high-severity vulnerabilities. Despite mounting pressures on security teams, the organizations reduced their mean time to remediation for critical-severity vulnerabilities by 24 days and high-severity vulnerabilities by 18 days, down to 56 and 74 days, respectively.

However, the report identified the same categories of vulnerabilities persisting year after year, indicating increased threats surrounding injection flaws, which were highlighted in a recent Secure by Design Alert by the Cybersecurity and Infrastructure Security Agency. The healthcare and technology sectors both saw an increase in SQL injections, and injection flaws including XSS accounted for roughly a third of all vulnerabilities Synack discovered in 2023.

Industry-by-industry breakdown
Synack’s report reveals key findings for top-ranking vulnerabilities and remediation times for the healthcare, financial services, federal government, technology and manufacturing sectors.

Below are some key trends identified when looking at across the five industries:

  • On average, healthcare companies had more than 5,400 subdomains, 1,500 web applications and 1,400 IP addresses publicly exposed – the biggest attack surface of any industry vertical reviewed.
  • Of vulnerabilities found, nearly 1,900 were SQL injections rating as critical or high-severity.
  • Injection flaws magnified sectors’ weaknesses. On average, financial services companies took 53 days to remediate SQL injection vulnerabilities, technology companies took 57 days and healthcare companies took just 45 days.

The report draws on data from security assessments carried out on Synack’s global customer base and aligns with vulnerability categories in the OWASP Top 10 standard awareness document. The 1,500+ members of the SRT collectively spent over 27,000 days testing Synack customer assets last year, including cloud, application programming interface, AI large language model (LLM), web application, host infrastructure and mobile attack surfaces.

To read the full report, please visit: https://go.synack.com/state-of-vulnerabilities-2024 

About Synack
Synack’s premier security testing platform harnesses a talented, vetted community of security researchers and smart technology to deliver continuous penetration testing and vulnerability management, with actionable results. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most trusted security researchers in the world. Headquartered in Silicon Valley with regional teams around the world, Synack protects a growing list of Global 2000 customers and U.S. agencies in a FedRAMP Moderate Authorized environment. Synack’s comprehensive approach to Pentesting as a Service (PTaaS) uncovered more than 14,000 exploitable vulnerabilities in 2023 alone. For more information, please visit www.synack.com.

Logo – https://mma.prnewswire.com/media/838158/Synack_Logo_v2.jpg

Cision View original content:https://www.prnewswire.co.uk/news-releases/second-annual-synack-state-of-vulnerabilities-report-uncovers-spike-in-severity-progress-in-remediation-302177398.html


You Might Also Like

Huawei to Train Additional 150,000 people in Sub-Saharan Africa by 2027
Sushui Tech to show "Critical Power for Critical Communication" Solution at CCW 2024
Huawei Unveils Four Scenario-based Solutions for Healthcare, Contributing New Ideas to Smart Hospital Construction
CGTN: Five decades on, China and Malaysia to accelerate building a community with a shared future
Xinhua Silk Road: Experts meet to discuss financial technology innovation, development and Chengdu’s role as fintech highland
Share This Article
Previous Article Fearless of Heat, Endless Circulation: Farasis Energy’s Battery Technology Achieves New Breakthroughs Again
Next Article LG ESTABLISHES GLOBAL R&D TRIANGLE TO DEVELOP HIGH-PERFORMANCE HEAT PUMPS IN EXTREME COLD

Latest News

UAE and Austria deepen strategic partnership talks
UAE and Austria deepen strategic partnership talks
UAE president and Greek PM hold Abu Dhabi talks
UAE president and Greek PM hold Abu Dhabi talks
UAE and France hold talks on regional stability
UAE and France hold talks on regional stability
UAE and Mauritania presidents deepen bilateral ties
UAE and Mauritania presidents deepen bilateral ties
UAE India dialogue turns to security and energy
UAE India dialogue turns to security and energy
UAE mediation helps Russia and Ukraine swap 386 captives
UAE mediation helps Russia and Ukraine swap 386 captives