In 2019, 80% of cyber security decision-makers expected AI to increase the scale and speed of attacks, and 66% expected attacks to evolve to “conduct attacks that no human could conceive of”. In 2023, security experts say this is already happening, with AI-enabled cyberattacks being an issue that organisations are unable to cope with. Those that leverage generative AI models such as ChatGPT need to be aware of the trustworthiness of the coding packages they output, as this can be leveraged to spread malicious packages into developers’ environments through data poisoning.
Figure 23: Vulnerability Disclosures per Quarter 2019-2023
Figure 23 demonstrates that NCC Group’s 2022 prediction that there would be an increase in vulnerability disclosures was correct. 2023 saw a substantial increase in vulnerability disclosures and was a record year compared to 2022: the number of vulnerabilities disclosed per quarter increased substantially, up 38.5% on average, beginning a continuous upwards trajectory seen in 2022.
This average is heavily weighted towards a high number of vulnerabilities during Q2 of 2023 (7150 vulnerabilities) and the lowest number of critical vulnerabilities being disclosed at 1132. If the anomaly of Q2 is excluded, then critical vulnerabilities as a percentage of disclosed vulnerabilities remain in decline at 9% compared to 2022. It is noteworthy that, given the substantial increase in vulnerability disclosures, the number of critical vulnerabilities being disclosed was still at record levels, with an average of 1295 critical disclosures per quarter, up 21% year on year.
However, on average, per quarter the number of critical vulnerabilities disclosed was down 12%.