Coalition’s Cyber Threat Index 2024 Predicts Total Published CVEs to Increase by 25% in 2024

Company Recommends Organizations Address Influx of Vulnerabilities and Exposures with  Human-Managed Detection and Response Tools

SAN FRANCISCOFebruary 21, 2024 — Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, today published its Cyber Threat Index 2024, detailing insights on cybersecurity trends from 2023 and emerging threats businesses should be aware of in 2024. According to the report, Coalition expects the total number of common vulnerabilities and exposures (CVEs) to increase by 25% in 2024 to 34,888 vulnerabilities, or roughly 2,900 per month.

"New vulnerabilities are published at a rapid rate and growing. With an influx of new vulnerabilities, often sprouting via disparate flagging systems, the cyber risk ecosystem is hard to track. Most organizations are experiencing alert fatigue and confusion about what to patch first to limit their overall exposure and risk,” commented Coalition’s Head of Research, Tiago Henriques. “In today’s cybersecurity climate, organizations can't be expected to manage all of the vulnerabilities on their own; they need someone to manage these security concerns and help them prioritize remediation. We share these insights, as well as our Coalition Exploit Scoring System, in the hopes that it will make the complicated cyber ecosystem a little more manageable for companies of all sizes.”

Other key findings from the report include:

  • Unique IP addresses scanning for Remote Desktop Protocol (RDP) increased by 59%. This is particularly concerning because Coalition data also reveals that businesses with RDP exposed to the internet are the most likely to experience a ransomware event. 

  • Scans found that around 10,000 businesses are running the end-of-life (EOL) database Microsoft SQL Server 2000, and over 100,000 businesses are running EOL Microsoft SQL servers

  • Honeypot (sensor) activity spiked by 1,000% 16 days before Progress Software issued its MOVEit security advisory

Coalition’s honeypots monitor for spikes to identify the biggest CVEs before they make news headlines – thus providing companies with the opportunity to take action before an incident can occur. These large-scale cyber events, like MOVEit or Citrix Bleed, could have been contained if businesses had dedicated managed detection and response (MDR) solutions in place.

"Coalition has first-hand experience demonstrating that MDR can reduce attack response time by 50% or more – a massive impact to help protect businesses from cyber threats,” said John Roberts, General Manager, Security, at Coalition. “We’re at the point where just setting and forgetting a technology solution is not enough anymore, and experts need to be involved in vulnerability and risk management. With MDR, after technology detects suspicious activity, human experts can intervene in numerous ways, including isolating impacted machines or revoking privileges. Coalition has experience doing exactly this to stop cyber criminals mid-attack.”

Coalition is on a mission to protect the unprotected: Improving security defenses and outcomes for policyholders and non-policyholders to bolster resilience and reduce cyber risk worldwide. Coalition leverages its unique insights as an insurance provider to educate the market about what security concerns contribute to losses and shares these insights with others to spread awareness about these risks and provide ways for organizations, policyholders or not, to remediate them.

To read Coalition’s full findings and download the complete report, visit: https://info.coalitioninc.com/download-cyber-threat-index-2024-b.html

About Coalition

Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage and cybersecurity tools, Coalition helps businesses manage and mitigate digital risks. Coalition offers its Active Insurance products in the U.S., the U.K., Canada, and Australia through relationships with leading global insurers and cyber capacity through its own carrier, Coalition Insurance Company. Coalition's Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses worldwide remain resilient against cyber attacks. Headquartered in San Francisco, Coalition is a distributed company with a global workforce that collaborates digitally and in office hubs.

Insurance products are offered by Coalition Insurance Solutions Inc. (“CIS”), a licensed insurance producer and surplus lines broker with its principal place of business in San Francisco, CA (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies and available on an admitted basis through certain carriers. Insurance products offered through CIS and CIC may not be available in all states. CIS may receive compensation from an insurer or other intermediary in connection with the sale of insurance. All decisions regarding any insurance products referenced herein, including approval for coverage, premium, commission, and fees, will be made solely by the insurer underwriting the insurance under the insurer’s then-current criteria. All insurance products are governed by the terms, conditions, limitations, and exclusions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms, conditions, and exclusions. Copyright © 2024. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. or its affiliates.