Zero-Day Vulnerability

Jarrett Kolthoff | January 17th, 2020


Business Journal Ask the Expert Column – January 2020

Our nonprofit is woefully under-protected against cyber threats, so I’m making a presentation to our Executive Committee about a zero-day vulnerability. Do you have any recommendations about what I should propose?

First of all, we commend you on taking the initiative to protect your organization. You’re probably going to need to do a bit of educating in the beginning. There’s a good chance your committee members have heard of zero-day vulnerabilities, but they probably don’t understand the degree of danger your organization faces if you’re under-protected.

We would recommend quickly defining the zero-day proposition, followed by a few steps to improve your security posture against zero-day attacks. Don’t get too complicated. It’s always best to ease your way into the presentation so your audience isn’t made to feel uninformed or even “dumb.” Here’s a quick starter list to help you with your presentation.

Exactly What Is a Zero-Day Vulnerability?

A zero-day vulnerability is actually an unintended software or operating system defect that can create a security hole. These holes are exploited by cybercriminals to gain entry into your systems and networks, in order to corrupt files, send out emails using company addresses, take control of your systems, steal everything from money to IP to sensitive personal data and much more.

The term “zero-day” means a software flaw has yet to be discovered by the software’s development team; consequently, there’s no patch or update available for complete zero-day attack mitigation. When the flaw is finally discovered, the developer has zero days to fix the vulnerability before criminals can exploit it, leaving users unprotected and at significant risk.

When cybercriminals discover software flaws, they write malicious code, known as malware, which they use to exploit your systems to their benefit. According to the Software Engineering Institute, upwards of 90% of security attacks target software flaws and defects, meaning virtually no one is immune to being targeted.

5 Ways to Combat a Zero-Day Vulnerability

While there are no infallible zero-day threat protections, there are actionable steps you can take to protect yourself as best you can, from knowing how to spot a malicious email to knowing what to do in case of an attack.

1. Institute a Least Privilege Model Within Your Organization.

The principle of least privilege states that users should only have access to those resources necessary to perform their work and nothing more. This strategy is critical in your zero-day threat protection plan. Should cybercriminals exploit an undetected flaw and gain access to an employee’s credentials, they would only have access to restricted amounts of information. Think of it as Risk Management 101. By minimizing exposure, you’re minimizing the possible threat.
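To make the "minimizing exposure" point concrete for a committee, here is an added example (not code from the column or from SpearTip) that measures the blast radius of one phished account under two access models: an "everyone is an admin" setup and a least-privilege setup. The users, roles, resources and permissions are constructed for illustration; the one authorisation rule it relies on is deny-by-default, allow only explicit grants.

```python
"""Added example (not from the original column): a small role-based access
model used to measure the "blast radius" of one compromised account.
All users, roles, resources and permissions below are constructed for
illustration; they are not from any real organisation."""

from dataclasses import dataclass

# Constructed inventory of systems a small nonprofit might run.
RESOURCES = frozenset({"donor_db", "payroll", "shared_drive", "email", "hr_records"})
ACTIONS = frozenset({"read", "write"})


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset  # set of (resource, action) pairs


def all_permissions() -> frozenset:
    """Every (resource, action) pair: what an 'everyone is admin' setup grants."""
    return frozenset((res, act) for res in RESOURCES for act in ACTIONS)


# Model A: the common over-privileged default, every staff account is an admin.
OVER_PRIVILEGED = {
    "alice": Role("admin", all_permissions()),
    "bob": Role("admin", all_permissions()),
    "carol": Role("admin", all_permissions()),
}

# Model B: least privilege, each role gets only what its job requires.
LEAST_PRIVILEGE = {
    "alice": Role("finance", frozenset({
        ("payroll", "read"), ("payroll", "write"),
        ("email", "read"), ("email", "write"),
    })),
    "bob": Role("fundraising", frozenset({
        ("donor_db", "read"), ("shared_drive", "read"),
        ("email", "read"), ("email", "write"),
    })),
    "carol": Role("it_admin", all_permissions()),
}


def is_allowed(model: dict, user: str, resource: str, action: str) -> bool:
    """Authorisation check: deny by default, allow only explicit grants."""
    role = model.get(user)
    return role is not None and (resource, action) in role.permissions


def blast_radius(model: dict, user: str) -> set:
    """Resources an attacker holding this user's credentials could reach."""
    role = model.get(user)
    if role is None:
        return set()
    return {res for res, _ in role.permissions}


def exposure_fraction(model: dict, user: str) -> float:
    """Share of all resources exposed if this one account is compromised."""
    return len(blast_radius(model, user)) / len(RESOURCES)


def excess_permissions(model: dict, user: str, needed: frozenset) -> set:
    """Periodic access review: grants beyond what the job actually needs."""
    return set(model[user].permissions) - set(needed)


if __name__ == "__main__":
    for label, model in (("over-privileged", OVER_PRIVILEGED),
                         ("least privilege", LEAST_PRIVILEGE)):
        share = exposure_fraction(model, "bob")
        print(f"{label}: if bob is phished, {share:.0%} of resources are exposed")
```

The `excess_permissions` review is the part that keeps the model honest over time: compare what a role is granted with what its holder actually needs, and trim the difference before an incident rather than after.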

2. Conduct Regular Staff Training on How to Spot Phishing Emails.

If this sounds like a broken record, there’s a reason why. The overwhelming majority of cybercriminal behavior is launched via email. And zero-day attacks are no different. Phishing schemes are still the ultimate launching pad for cybercriminal activity. Conducting training exercises on how to spot phishing schemes and how to properly mitigate compromised communications is critical to your organization’s safety. Host a catered, lunchtime phishing identification training session to ensure your staff will attend. The few hundred dollars you spend on food could easily offset millions in damages.

3. Engage in a Managed Detection and Response Service.

The days of using only antivirus software or a basic “black box” monitoring device for cybersecurity are over. With today’s sophisticated and savvy cybercriminal threats, the best zero-day threat protection means enlisting an advanced cybersecurity provider for a Managed Detection and Response (MDR) service. MDR provides real-time monitoring and response. So, if your organization is attacked, or even breached, your security provider can respond in a matter of minutes. Be sure to source top-tier resources with a fully-staffed, onsite, 24/7 Security Operations Center. It’s your best defense against zero-day attacks.

4. Maintain Multiple Stand-Alone Backups and Keep Accurate Up-To-Date Logs.

A strong backup plan can be your organization’s salvation when protecting against zero-day exploits. Keep multiple backups separate from your network to minimize the impact and potential losses should a zero-day attack occur. It’s also essential to know where backups are stored, when and what information is backed up, and who is responsible for maintaining the backups themselves, as well as all recordkeeping associated with data preservation. Establishing a backup protocol, with set backup schedules, is a simple and effective means of preserving data that may need to be restored if an incident occurs.
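The recordkeeping the column asks for (where a backup lives, when it was taken, what it contains, who owns it) can be captured in a manifest stored with each copy, with a per-file digest so a copy is checked before anyone trusts it for a restore. The following is an added example, not code from the column or from SpearTip; the sample files and the owner and location labels are constructed placeholders.

```python
"""Added example (not from the original column): a backup manifest that
records what was backed up, when and by whom, plus a SHA-256 digest per
file so a copy can be checked before it is trusted for a restore.
The sample files below are constructed, not real data."""

import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for a backup set: path -> file contents.
SAMPLE_BACKUP = {
    "donors.csv": b"id,name,last_gift\n1,Example Donor,250\n",
    "payroll.xlsx": b"PK\x03\x04constructed-placeholder-bytes",
    "policies/ir-plan.docx": b"PK\x03\x04another-placeholder",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict, owner: str, location: str) -> dict:
    """Record the bookkeeping the column asks for: where, when, what, who."""
    return {
        "created_utc": datetime.now(timezone.utc).isoformat(),
        "owner": owner,          # person responsible for this backup
        "location": location,    # e.g. an offline disk label or vault id
        "entries": {
            path: {"sha256": sha256_hex(data), "size": len(data)}
            for path, data in files.items()
        },
    }


def verify_backup(files: dict, manifest: dict) -> list:
    """Compare a backup copy against its manifest; return a list of problems.

    An empty list means every file is present with the recorded digest.
    """
    problems = []
    entries = manifest["entries"]
    for path, entry in entries.items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif sha256_hex(files[path]) != entry["sha256"]:
            problems.append(f"modified: {path}")
    for path in files:
        if path not in entries:
            problems.append(f"unexpected: {path}")
    return sorted(problems)


def manifest_json(manifest: dict) -> str:
    """Serialised form to store with the backup and in a separate log."""
    return json.dumps(manifest, indent=2, sort_keys=True)


if __name__ == "__main__":
    m = build_manifest(SAMPLE_BACKUP, owner="it-lead", location="offline-disk-A")
    print(manifest_json(m))
    print("clean copy:", verify_backup(SAMPLE_BACKUP, m))
    tampered = dict(SAMPLE_BACKUP)
    tampered["donors.csv"] = b"id,name,last_gift\n"
    print("tampered copy:", verify_backup(tampered, m))
```

Keep the manifest (or at least its digests) somewhere other than the backup medium itself; a copy that has been altered or partially lost then fails verification instead of being restored in good faith.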

5. Regularly Review Your Incident Response Plan and Practice, Practice, Practice.

Too many companies put themselves at risk by creating incident response plans and placing them on the shelf to gather dust. Incident response plans should evolve and change with your organization and be put to the test in real-world scenarios, known as tabletop exercises. In zero-day scenarios, preparedness is your best weapon. Plan down to the last detail, then see how your team responds when faced with a team of ethical hackers supplied by your cybersecurity company. What you learn during practice sessions will better equip your team when faced with a real incident. So, take every tabletop exercise seriously, because when you’re faced with a real incident, you want to be able to anticipate rather than react.



Frequently Asked Questions

What is a zero-day vulnerability and how does it differ from other types of cybersecurity threats?

A zero-day vulnerability is a flaw in software or hardware that is unknown to the vendor or developer, and a zero-day attack is one that exploits it. This makes it difficult to detect and defend against, as there are no available patches or fixes to address the issue. Zero-day attacks are often used by hackers to gain unauthorized access to sensitive data or systems.

Are there any specific industries or types of organizations that are more likely to be targeted by zero-day attacks?

Yes, certain industries and organizations are more likely to be targeted by zero-day attacks, particularly those that deal with sensitive information such as government agencies, financial institutions, and healthcare providers. However, any organization that relies on technology to conduct business is at risk of a zero-day attack. 

How can companies proactively protect themselves against zero-day vulnerabilities before they are discovered and exploited by hackers?

Companies can take several proactive measures to protect themselves against zero-day vulnerabilities, such as regularly updating their software and hardware, implementing strong access controls and authentication protocols, and conducting regular vulnerability scans and penetration testing. It is also important for organizations to stay informed about emerging threats and to work with cybersecurity experts to develop and implement effective security strategies.
