Tenable®, an exposure management company, released the report "The Critical Few: How to Expose and Close the Threats that Matter", which identifies the main points of exposure within organizations and shows how to mitigate potential cyber threats that could jeopardize business operations.
Over the last two decades, Tenable has collected and analyzed approximately 50 trillion data points related to more than 240,000 vulnerabilities. From this extensive database, the company developed a methodology indicating that only 3% of this total frequently result in significant exposure risks.
With cybersecurity teams overwhelmed by large amounts of fragmented data on threats and vulnerabilities, Tenable conducted this study to help these teams shift to a proactive defense strategy focused on eliminating the most dangerous threats.
The study used the Vulnerability Priority Rating (VPR) model, which Tenable developed to reflect the current threat landscape. VPR values range from 0.1 to 10, with higher values indicating a greater likelihood of exploitation. The categories are shown in the table below:
| VPR Category | VPR Range |
| --- | --- |
| Critical | 9.0 to 10 |
| High | 7.0 to 8.9 |
| Medium | 4.0 to 6.9 |
| Low | 0.1 to 3.9 |
Vulnerabilities with a VPR above 9.0 will probably be exploited if exposed, making them high-priority targets. In contrast, those with VPRs between 7.0 and 8.9 present a moderate risk, while the medium and low categories (0.1 to 6.9) are less likely to be exploited.
| Date | Critical | High | Medium | Low | % High & Critical |
| --- | --- | --- | --- | --- | --- |
| June 2, 2024 | 853 | 6,627 | 94,170 | 138,272 | 3.10% |
For example, on June 2, 2024, the study analyzed nearly 240 thousand vulnerabilities and found that only 3.1% of them, fewer than 7,500, were classified as Critical or High.
"Without context, each vulnerability, patch and update becomes a priority, making it almost impossible to keep all systems updated," said Arthur Capella, Country Manager, Tenable Brazil. "It is essential to implement exposure management to clearly prioritize what truly represents a risk to the business. All stakeholders must understand these risks and focus on actively preventing those that could lead to exploitation," Capella added.
The complete report, "The Critical Few: How to Expose and Close the Threats that Matter", is available here.