Cybercriminals can’t launch attacks on IT systems unless there are openings for them to exploit – which is why the latest analysis from the Forum of Incident Response and Security Teams (FIRST) makes sobering reading for anyone responsible for protecting their organisation’s digital systems and data.
► Organisations need to prepare for potentially higher numbers
► Security experts need to be brought in earlier to help with management
According to FIRST, the number of new common vulnerabilities and exposures (CVEs) can be expected to reach around 59,000 this year – the first time they have been over 50,000. A CVE is a US-backed identifier used to catalogue and classify known security vulnerabilities. The slightly better news is that the number of new CVEs is expected to fall back to around 51,000 in 2027 and 53,000 in 2028.

But these are ‘median’ expectations – the actual number could be higher or lower. The higher estimate for this year is 117,673, while the lower figure is 30,012. Ominously, even though the median prediction is lower, the high-end forecast for 2028 is 193,000.
The organisation said that anyone planning and managing patching across an IT estate, compiling vulnerability disclosure reports, or developing endpoint protection and response, intrusion detection systems (IDS), or security information and event management (SIEM) systems should be aware that volumes are likely to increase this year.
While security vendors will be preparing, end-user organisations and partners also need to be aware of the greater potential for exposure and ready to respond. Security experts need to be brought in earlier to help prepare and manage effective processes, rather than being called in on a reactive basis.
