Zero-day vulnerabilities make headlines and receive coverage because they’re new and exciting (well, at least to cybersecurity enthusiasts).
So, what are they? Why do they steal the headlines?
Well, simply put, zero-day vulnerabilities are flaws discovered in software or hardware which have not yet received a corrective patch from the creator. Through one method or another, attackers learn of the weakness and create a way to exploit it before it’s corrected.
At that point, the original creator has ‘zero days’ left to fix the issue before it’s exploited, hence the term.
We’re all genetically hardwired to fear the unknown, and zero-day vulnerabilities trigger these instincts.
Yet the hidden assumption in any zero-day coverage is that an organization is otherwise secure. Sadly, this is usually a poor assumption, since most breaches occur against those with poor security controls.
Security is a process, not a goal, and the key is balance.
Organizations must split attention and resources to maintain basic security, monitor for zero-days, and manage ongoing security improvements.
Before you start worrying about the unknown, it’s important to control what you can right now.
Ensure the Basics
Validating and ensuring strong basic security practices must come first.
Though zero-day vulnerabilities might provide novel vectors for attack, even those vectors can prove ineffective against a solid security stack of basic cybersecurity techniques and technologies.
Whether you’re using a brand-new zero trust architecture (ZTA) or a traditional perimeter defense strategy, you need to verify:
- effective least-privileged access
- restrictive firewall policies
- thoughtful network segmentation
- your backup systems’ effectiveness
Regular testing through penetration tests, vulnerability scans, and simulated exercises provides ongoing validation of the strength of your security at the time of the tests. But, as part of basic cybersecurity techniques, you also need to constantly apply software updates and modernize your IT infrastructure.
And, keep in mind that just because Microsoft and other vendors may still support older technologies, such as Windows NT LAN Manager (NTLM), that doesn’t mean they’re safe.
To budget your time, money, and personnel resources properly, make sure you list any outdated products, and plan upgrades accordingly.
You’ll want to start with these first steps before worrying about unknown zero-day vulnerabilities.
Shadow IT’s Threat to Basic Cybersecurity
Your IT team is great at effectively managing the tools, software, and apps of which they’re aware.
Unfortunately, many employees circumvent IT rules and adopt unauthorized apps, install unapproved software, or attach unauthorized hardware to computers and networks.
This ‘shadow IT’ poses major risks to your organization. Just how common is it?
Take, for instance, the reported rates of unauthorized file-sharing service use in these sectors:
- 33.4% Government
- 35.5% Construction
- 42.8% Education
And yet, file-sharing services represent only a portion of the unauthorized products that 80% of workers admit to using without approval.
Think about that for a moment.
Four out of five workers admit to using unapproved and potentially infected software. And, even if it isn’t infected, such software often comes from untrusted sources with little support and few updates for its weaknesses.
Knowing that, are you still confident in your security?
Even further, up to 40% of all IT spending bypasses the IT department on items such as network-connected security cameras, photo-editing software, or even internet-of-things (IoT) devices, such as connected TVs.
There may be even more unknown devices, since none of these stats include employee money spent on:
- Personal USB drives or portable hard drives
- Personal software
- Personal mobile devices or tablets connected to corporate computers for charging
- IoT devices (Wi-Fi-enabled coffee mugs, etc.)
This shadow IT risks both your IT infrastructure and your data security.
Though many organizations tolerate shadow IT because it’s difficult to eliminate, you can always mitigate risk through basic cybersecurity techniques like monitoring and tracking.
So again, before you start worrying about zero-day vulnerabilities, focus on what you can control.
Zero-Day Vulnerabilities Do Matter
Of course, zero-day attacks still matter, because they represent new vulnerabilities to be addressed.
When a zero-day is announced, your security managers must consider how the vulnerability may or may not affect your IT environment.
In the first week of June, the Follina vulnerability made headlines, though it wasn’t widely exploited.
But, as always, attackers didn’t sit idle, as news of the weakness spread.
Within a few days this zero-day vulnerability saw new exploits, such as:
- Phishing campaigns against European and US local governments (attacker unknown)
- Chinese-language files infected with password-stealing trojans
- The international Tibetan community targeted by Chinese hacking group TA413
- General phishing campaigns to deploy the Qbot malware (also associated with ransomware)
If your business already performed the basic cybersecurity techniques to mitigate this, you don’t need to worry about these developments.
But, as evidence of exploitation mounts, those who ignored the issue must consider if they are more at risk.
Of course, the number of zero-day vulnerabilities continuously increases. In fact, this week alone saw the recognition of several similar attacks that don’t yet have official patches.
Achieving Security Balance
Yes, zero-day vulnerabilities do pose a challenge to businesses everywhere. And no, they’re not going away anytime soon.
There will always be some new weakness, some new flaw that needs to be addressed.
But, there’s simply no way to predict when or where they’ll occur, let alone the severity of the problem.
That’s exactly why using basic cybersecurity techniques every step of the way is so important. With the basics covered, you’re far more likely to stay safe from the unknown.
Ideally, organizations budget time, money, and personnel resources to address vulnerabilities and aging infrastructure. However, like it or not, reality often gets in the way.
Technical debt accrues with unaddressed issues, unapplied patches, shadow IT, or obsolete infrastructure.
Outsourcing can help organizations catch up. If you could use a little assistance protecting yourself from either the basics or the unknown, Ideal Integrations, with the support of Blue Bastion Cyber Security, can help.
Simply contact us at 412-349-6680, or fill out the form below, and we’ll provide a no-obligation consultation about short-term or ongoing solutions to tighten up basic security, locate vulnerabilities, address zero-day issues, and more!