A zero-day threat is a security vulnerability that an attacker exploits on the same day it becomes known. The problem is that the breach happens so quickly that no patch is available to fix it. Often the first time you learn of the vulnerability is when an attacker uses it against your organization.
The attacker, who may have been probing your network for months, is usually the one who discovers these vulnerabilities. Antivirus, intrusion prevention, and firewalls do not always protect against a new, unknown threat.
While no organization can completely protect itself from a zero-day threat, there are a few things you can do to mitigate your risk. This article can help you stay prepared.
Stopping the Zero-Day Threat
“These brand new threats are by far some of the most difficult cyber attacks to defend against. Half the time, we never see them coming. Even when we do, we are too late.”
James Wang – Matt Williams, June 22, 2017
A DZone article from last year chronicled the zero-day threat:
- In 2012 there were 14 zero-day vulnerability incidents reported.
- In 2013 there were 23.
- In 2014 there were 24.
- In 2015, there were 54 – a 125% increase.
While 2015 was the last year for which data was available, it is safe to assume that the number of zero-day vulnerabilities continues to rise. The same article suggested that 30% of malware in the fourth quarter of 2016 used zero-day vulnerabilities.
An article in ComputerWorld suggests there are four key ways to potentially protect an organization from the zero-day vulnerability:
1. Use preventative security practices. Keeping firewalls and antivirus protection up to date and matched carefully to corporate needs, blocking attachments, and managing external devices are all important. Installing patches for on-premise systems immediately upon release and conducting vulnerability scans are also important. Finally, use application whitelisting in addition to blacklisting software to help spot malicious activity.
2. Use intrusion prevention systems (IPS). Look for an IPS that has network protection offering content validation and forensics, application integrity checking, third-party verification, and much more.
3. Establish disaster recovery procedures. Developing and practicing incident response that includes established roles and procedures is critical to mitigating the damage while it’s happening.
4. Silo the breach by preventing its spread. This includes establishing need-to-know protocols for document access.
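The reason step 1 pairs whitelisting with blacklisting is that a blacklist can only stop what has already been catalogued, while a whitelist denies anything not explicitly approved, which is exactly the position an unknown exploit puts you in. The following is an added illustration, not code from this article or from the ComputerWorld piece: the file contents, names and hash lists are constructed stand-ins for real binaries and a real policy store.

```python
import hashlib

# Constructed sample "executables": name -> contents (stand-ins for real binaries).
SAMPLE_FILES = {
    "approved_tool.exe": b"MZ approved corporate tool build 4.2",
    "known_malware.exe": b"MZ sample already covered by an AV signature",
    "novel_payload.exe": b"MZ never-before-seen binary delivered via a zero-day",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Allowlist (whitelist): hashes of software the organization has explicitly approved.
ALLOWLIST = {sha256(SAMPLE_FILES["approved_tool.exe"])}
# Blocklist (blacklist): hashes of samples already known to be malicious.
BLOCKLIST = {sha256(SAMPLE_FILES["known_malware.exe"])}

def blocklist_only(data: bytes) -> str:
    """Signature-style model: deny only what is already known bad; everything else runs."""
    return "deny:known-bad" if sha256(data) in BLOCKLIST else "allow"

def allowlist_plus_blocklist(data: bytes) -> str:
    """Default-deny model: known-bad is denied, and so is anything not explicitly approved.
    The 'deny:unapproved' outcome is the one worth investigating, since it is where a
    never-before-seen binary shows up."""
    digest = sha256(data)
    if digest in BLOCKLIST:
        return "deny:known-bad"
    return "allow" if digest in ALLOWLIST else "deny:unapproved"

def evaluate(policy) -> dict:
    """Apply a policy to every sample file and return name -> decision."""
    return {name: policy(data) for name, data in SAMPLE_FILES.items()}

if __name__ == "__main__":
    for label, policy in (("blocklist only", blocklist_only),
                          ("allowlist + blocklist", allowlist_plus_blocklist)):
        print(label, evaluate(policy))
```

Under the blocklist-only policy the novel binary is allowed to run; under the combined policy it is denied and surfaces as an unapproved execution attempt that can be triaged.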
It’s clear that today’s cyber security efforts must have multiple controls in layers across every piece of a network, including any personal devices accessing it. To protect an organization from zero-day threats, IT administrators must enact security measures that offer granular control over every device accessing the network. These measures must allow the admin to manage the network from a centralized hub and offer the flexibility to tailor policies for individual users as well as groups.
Exploiting zero-day vulnerabilities is still a relatively new discipline for attackers, and this behavior is expected to increase as bad actors improve their techniques. Following these four steps is currently the best way to mitigate the risk of a zero-day vulnerability.