4 Methods For Mitigating Zero-Day Vulnerabilities and Threats

pexels-photo-577585 (1)A zero-day threat is a security vulnerability that’s exploited by a hacker on the same day it appears. The problem is the breach happens so quickly; there’s no patch available to fix it. The first time you knew the vulnerability occurred was when the hacker used it to attack your organization.

The hacker, who may have been probing your network for months, usually is the one that discovers these vulnerabilities. Antivirus, intrusion prevention, and firewalls don’t always protect against the new, unknown threat. 

While no organization can completely protect themselves from a zero-day threat, there are a few things you can do to mitigate your risk. This article can help you stay prepared.

Stopping the Zero-Day Threat

“These brand new threats are by far some of the most difficult cyber attacks to defend against. Half the time, we never see them coming. Even when we do, we are too late.”
James Wang – Matt Williams, June 22, 2017

A DZone article from last year chronicled the zero-day threat:

  • In 2012 there were 14 zero-day vulnerability incidents reported.
  • In 2013 there were 23.
  • In 2014 there were 24.
  • In 2015, there were 54 – a 125% increase.

While 2015 was the last year data was available it is safe to assume that the number of zero-day vulnerabilities continues to rise. The same article suggested that 30% of malware in the fourth quarter, 2016, used zero-day vulnerabilities. 

An article in ComputerWorld suggests there are four key ways to potentially protect an organization from the zero-day vulnerability: 

1. Use preventative security practices. Keeping firewalls and antivirus protection up-to-date and matched carefully to corporate needs, while blocking attachments, and managing external devices, are all important. Installing patches for on-premise systems immediately upon issue as well as conducting vulnerability scans, are also important. Finally, use application whitelisting in addiction to blacklisting software to help spot malicious activity.

2. Use intrusion prevention systems (IPS). Look for an IPS that has network protection offering content validation and forensics, application integrity checking, third-party verification, and much more.

3. Establish disaster recovery procedures. Developing and practicing incident response that includes established roles and procedures is critical to mitigating the damage while it’s happening.

4. Silo the breach by preventing its spread. This includes establishing need-to-know-type protocols for document access 

It’s clear that today’s cyber security efforts must have multiple controls in layers across every piece of a network, including any personal devices accessing a network. In order to protect an organization from zero-day threats, IT administrators’ must enact security measures that offer a measure of granular control for all devices accessing the network. It must allow the admin to administer the network from a centralized hub and offer the flexibility to tailor policies for individual users as well as groups. 

Exploiting zero-day vulnerabilities is still a new discipline for hackers. This behavior is expected to increase as bad actors improve their techniques. Following these four steps are really the best way at the moment to mitigate the risk of the zero-day vulnerability.

Free MSP Consultation

Cyber Security for Business - Why You Need an IT Recovery Plan

startup-593327_960_720.jpgInformation technology has evolved beyond being a tool for your business to being the central hub for all of your business operations.

That’s our best argument for developing an IT recovery plan in case something goes wrong.

One look at today’s headlines and you’ll understand that myriad threats have emerged to create the perfect storm with the potential for shutting down your business operations. From natural disaster to data breaches, mitigating the risk means creating an IT recovery plan to keep your business safe.

The Risk Landscape – Cyber Hacks

The actuarial assessment of risk for cyber breach is very high. Some of the most notorious hacks in history have happened in the last few years, including:

  • Home Depot lost billions to a cyber security failure.
  • The U.S. Veteran’s Administration had an external hard drive stolen from an employee’s home during a burglary, costing the agency $500 million.
  • Big box store Target had a cyber security failure that cost them $252 million to repair.
  • North Korea hacked Sony Pictures, causing reputational damage in addition to $151 million.

If you’re the owner of a small business, you may be rolling your eyes; surely the risk is not as high. However, NTT Security’s threat assessment shows that the risk of cyber hacks affects every size business in the form of phishing scams. Phishing are emails with embedded code that can spread viruses like ransomware, which encrypts your files until you pay a ransom.

All it takes is one employee to open the wrong email. In fact, 67% of all cyber attacks start in this simple, but effective way.

The Risk Landscape – Natural Disasters

Over the past few weeks we’ve heard about Hurricane Harvey and the devastation it’s bringing to Texas. CNBC says the cost could reach as high as $75 billion. How many of these businesses will simply close, in part, because their IT infrastructure has failed, stopping business as usual in its tracks?

From tornados to floods, most businesses are one disaster away from an irretrievable data loss. But the list of crises beyond catastrophic weather include electrical fires and burglary, vandalism or just plain equipment failure. With an IT recovery plan in place, your business stands a much better chance of surviving, no matter what human-made or natural catastrophe arises.

Elements of an IT Recovery Plan

Developing a disaster recovery and business continuity plan for your IT systems includes an assessment of your current network. Here is an overview of what your plan should encompass:

  • Asset inventories
  • Off-site data backup and recovery planning
  • Development of redundant IT systems
  • Creating a communications plan
  • Development of off-site workflows to encompass systems such as accounting, payroll, and client billing
  • Mitigation plan in the event of a data breach

For a more detailed look at what your plan should include, check out our earlier post on what every IT recovery plan should include.

Inc. says 40% to 60% of all small businesses that lack an IT recovery plan will close their doors after a major disaster. Don’t let this happen to your business.

Contact CWPS today to begin an assessment and threat mitigation process that will help keep your IT infrastructure safe in the event that an unthinkable event will occur.

New Call-to-action

Second Wave of Ransomware Expected to Hit Businesses

Over the weekend, “WannaCry” a malicious worldwide ransomware attack crippled hundreds of thousands of end-users and organizations including hospitals, universities, manufacturers and government agencies in countries across the world.

"WannaCry," took advantage of a vulnerability known as EternalBlue, which exploits the Microsoft Windows SMB protocol. Hackers began their attack by distributing random phishing emails with the virus attached. Once end-users opened the attachment, the virus would encrypt files on their computer and lock them out. Users were prompted to pay a ransom in the form of bitcoins to obtain their data.

The virus, still not contained, has the potential to access multiple systems and computers across the world. Experts have advised individuals and organization to install all available security updates immediately.

WHAT YOU SHOULD KNOW

  • Next-Gen Endpoint Protection is available to predict and prevent WannaCry ransomware for WINDOWS, MAC and LINUX endpoints both online and offline and embedded Windows.
  • Comprehensive patching systems are a must to ensure that the updates cited in the Microsoft Security Bulletin Summary for March 2017 and others, are installed properly.
  • The initial infection vector for WannaCry seems to have been a phishing attack where fake invoices, job offers and lures are being sent to random email addresses. You must protect against the crippling effects of human error.

CWPS CLOUD ASSIST SECURITY FOUNDATIONS

Security You Can Depend On. (4).png

CWPS Cloud Assist Security Foundations provides your organization with the multilayer protection service that prevents, protects and educates end-users from becoming a victim of ransomware.

  • Secure Internet Gateway.The first step toward advanced cyber security is to predict attacks before they happen and expand your threat protection beyond the perimeter by removing your DNS blind spot. Protect your users anywhere they access the internet from ever more sophisticated cyber attackers before they can even launch.
  • NextGen Endpoint Protection. Our next level of defense is to protect your endpoints in the event an attacker does get through. Our next-generation antivirus solution uses an artificial intelligence and machine learning approach to predict, identify and prevent both known and Day Zero cyber threats from ever executing or causing harm to your endpoints.
  • Security Awareness. Finally, we believe one of the greatest ways of protecting your environment is to deploy systematic security awareness training to your employees. All companies have employees who are frequently exposed to advanced phishing attacks and they can become the weak link in your security. We can help companies manage the continuing problem of social engineering.

Contact us for a consultation at connect@cwps.com