CISA KEV catalog as a rescue from hackers: vulnerabilities are fixed 3.5 times faster

Father

The study showed how systematically cataloguing vulnerabilities affects cybersecurity.

According to a Bitsight study, the CISA KEV catalog has a noticeable positive impact on companies. The catalog has been around for almost 3 years and has become the main source of data on vulnerabilities actively exploited by hackers around the world.

According to Bitsight, vulnerabilities from the catalog are resolved on average 3.5 times faster than others. The average time to fix a vulnerability from KEV is 6 months, compared to 1.7 years for vulnerabilities not included in KEV.

Vulnerabilities used in ransomware attacks are fixed particularly quickly. Such vulnerabilities account for 20% of the KEV catalog and are fixed on average 2.5 times faster.

The data is based on scans of 1.4 million locations, including companies, educational institutions, and local governments. In 2023, 35% of all monitored organizations had at least one vulnerability from the KEV list, and most of them had several.

Remediation deadlines are strictly regulated for federal civilian agencies, which follow direct CISA guidelines. Such agencies are 56% more likely to meet deadlines than other organizations. About 40% of all organizations that do not fall under the CISA rules also meet the established deadlines.

Technology companies manage vulnerabilities most quickly, while educational institutions and local governments experience the greatest difficulties.

This report highlights the importance of timely response to vulnerabilities, especially those that can be exploited in ransomware attacks, and shows the effectiveness of the KEV catalog as a tool for improving cybersecurity at various levels of management and in business.
 