According to the 202s Threat Landscape Report from Tenable, the number one group of most-frequently exploited vulnerabilities represents a large pool of known weaknesses, some of which were originally disclosed as far back as 2017. Organisations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022.

"The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones," said Bob Huber, chief security officer and head of research, Tenable. "Cyberattackers repeatedly find success exploiting these overlooked vulnerabilities to obtain access to sensitive information. Numbers like these conclusively demonstrate that reactive post-event cybersecurity measures aren't effective at mitigating risk. The only way to turn the tide is to shift to preventive security and exposure management.”