When it comes to security, the landscape for businesses is always changing. The IT industry is engaged in a seemingly never-ending arms race against criminal hackers who are constantly coming up with new ways of breaking into systems.
As the potential rewards for these activities become higher - from access to valuable personal data and intellectual property through to extortion via ransomware - hackers are always on the lookout for new loopholes and vulnerabilities to exploit, while security professionals must constantly keep up with whatever new tactics and weaknesses are uncovered.
The threat of zero-day attacks
One of the most dangerous threats to any organization is the zero-day vulnerability: a software flaw that is unknown to the vendor and to the defenders who would otherwise guard against it. Such flaws are hugely valuable to attackers, who may spend large amounts of effort hunting for bugs that no one else has noticed, because, as the name suggests, the vendor has had zero days to prepare a fix and the targeted business has had no time to mount a defense.
"Day zero" is the day the vendor and the public first learn of the weakness, so any vulnerability that is being exploited before that day, or that has been disclosed but for which no patch yet exists, counts as a zero-day. Because vendors and security teams do not know the bug exists, they cannot fix it or write detections for it, which can give attackers free rein to exploit the security hole.
In such cases, all defenders can do is enter firefighting mode: contain any intrusion or infection, apply whatever workarounds the vendor publishes, and hold on until a patch that closes the vulnerability is released. The longer a software provider takes to fix an issue, the more damage an attacker can do. In many cases, the only option a business has between a zero-day being reported and a fix becoming available is to disable or isolate the affected application or feature.
This is why many of the largest tech firms offer large 'bug bounty' rewards to security researchers who find and responsibly report previously unknown vulnerabilities, in an effort to stay one step ahead of criminal hackers.
Defending against zero-day attacks
Given the nature of these vulnerabilities, they can be very difficult to protect against, even for the largest and best-funded security teams. After all, how can you guard against a threat you don't know exists? But this does not mean enterprises will be totally exposed, as - while you can't predict specific zero-day threats - there are proactive steps businesses can take to mitigate their level of overall risk.
For starters, following established security best practices is an effective way to minimize your exposure to zero-day threats. These steps include:
- Strong access controls
- Ensuring staff follow simple online safety steps such as not sharing passwords
- Keeping up-to-date with patches
A good example of what can happen when the last of these steps is skipped is the WannaCry ransomware that hit systems all over the world in May 2017. It spread using EternalBlue, an exploit for a flaw in the Windows SMBv1 implementation that had been discovered by the National Security Agency (NSA), which chose not to disclose it to Microsoft but to keep it for its own use. For as long as the NSA alone held it, the flaw was a true zero-day. Microsoft issued a patch (MS17-010) in March 2017, and the exploit code was then stolen and published by the Shadow Brokers group in April 2017. By the time WannaCry appeared, a fix had therefore been available for about two months, and the organizations left vulnerable were those that had not yet applied it. The lesson is that a zero-day does not stay a zero-day, and an attacker does not need one if patching lags behind.
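As an added example, not taken from the original article, the following PowerShell script shows the kind of check a team would have wanted to run on its Windows fleet in the weeks between MS17-010 and WannaCry: is SMBv1 still enabled, and is one of the original March 2017 MS17-010 packages installed? The KB list is a subset chosen for illustration, and the script assumes it is run in an elevated PowerShell session on the host being checked.

```powershell
# Added example, not from the original article: a quick check of whether a
# Windows host is still exposed in the way WannaCry exploited. Assumes an
# elevated PowerShell 5.1+ session on the host being checked.
# Two signals are collected:
#   1. Is SMBv1 still enabled? (EternalBlue targets the SMBv1 server.)
#   2. Is one of the original March 2017 MS17-010 packages installed?
# Caveat: later cumulative updates supersede those KBs without listing them,
# so "KB not found" on a regularly patched machine is not proof of exposure;
# the SMBv1 state is the more durable signal, and a vulnerability scanner or
# Microsoft's servicing data is the authoritative source.

# Subset of the MS17-010 KB numbers (original March 2017 packages), for illustration.
$Ms17010Kbs = @(
    'KB4012212',  # Windows 7 / Server 2008 R2 security-only update
    'KB4012215',  # Windows 7 / Server 2008 R2 monthly rollup
    'KB4012598',  # Windows Vista / Server 2008 (also the later XP/2003/8 out-of-band package)
    'KB4013429'   # Windows 10 1607 / Server 2016 cumulative update
)

function Get-Smb1State {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    $cmd = Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cmd) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: the registry value Microsoft documents for disabling SMBv1.
    $params = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
    if ($null -eq $params -or $null -eq $params.SMB1) {
        return $true   # value absent means the default, which is enabled
    }
    return [bool]$params.SMB1
}

function Test-Ms17010Kb {
    param([string[]]$KbList)
    # Get-HotFix lists installed updates by their KB identifier.
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbList) {
        if ($installed -contains $kb) { return $kb }
    }
    return $null
}

$smb1Enabled = Get-Smb1State
$kbFound     = Test-Ms17010Kb -KbList $Ms17010Kbs

if (-not $smb1Enabled) {
    $assessment = 'SMBv1 disabled: not reachable by EternalBlue'
} elseif ($kbFound) {
    $assessment = "SMBv1 enabled but $kbFound present: patched"
} else {
    $assessment = 'SMBv1 enabled and no listed KB found: verify servicing level'
}

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    Smb1Enabled    = $smb1Enabled
    Ms17010KbFound = $kbFound
    Assessment     = $assessment
}
```

Run across a fleet (for example via Invoke-Command), the output object gives a per-host view of who is still exposed; the "verify servicing level" case is deliberately not reported as "vulnerable", because a host carrying a later cumulative update will not list the original KB even though it is fixed.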
Responding to incidents
Sometimes, even the best-prepared teams may fall victim to vulnerabilities no-one saw coming. Therefore, part of an effective zero-day protection strategy is a strong response plan.
This starts with a written plan in which everyone on the team knows their direct responsibilities. Good communication is also a must: when a team has to deal with a real incident it needs to act fast, not waste time explaining things or debating who is doing what. To ensure the plan works as intended, regular exercises and drills are highly valuable, both for training employees and for exposing weak points in the strategy.
Zero-day exploits are on the rise, but with the right skills, training and planning, businesses can go a long way towards ensuring that their risk is kept to a minimum and, in the event they do become exposed, any attacks are stopped before any major damage is done.