Redscan has a new report on critical vulnerabilities logged by the National Institute of Standards (NIST) in 2020. As summarized in Cyber Security Intelligence (cybersecurityintelligence.com/blog/a-new-generation-critical-vulnerabilities-5478.html), a record of over 18,000 vulnerabilities was logged, and 57% (over 10,000) were critical or high severity.
Increases were reported in low-complexity vulnerabilities (63% of total) and those requiring no user interaction (68%). Physical vulnerabilities spiked because more IoT and smart devices are in use. On the other hand, vulnerabilities requiring no user privileges declined from 71% in 2016 to 58% in 2020.
The challenge for cybersecurity is knowing which vulnerabilities to prioritize. Some are too complex to exploit easily, while low-risk vulnerabilities can allow attackers to move from one stage to another. Security teams need to defend in depth and use supplementary controls like continuous network and endpoint monitoring.