What is a Zero-Day?
Zero-day attacks have been on the rise recently, with 80 identified in 2021 – an increase of more than 100% from 32 in 2019. Experts at Mandiant Threat Intelligence expect this number to continue to rise in the coming years. A significant portion of zero-day attacks have always been associated with state-sponsored espionage, with the rest coming from financially motivated criminals. With increasing geopolitical tensions, it’s important for us to stay informed of anything that could potentially affect our business. Let’s start by understanding what zero-day threats are, before discussing how we can protect against them.
What does ‘Zero-Day’ mean?
The term zero-day is used frequently in cyber security and business settings, but what does it actually mean? Simply put, a zero-day threat is one that is so new there are no defences available for it yet. Your anti-virus won’t recognise it and there is no updated version of software available to fix the underlying flaw that makes it possible. This means that zero-day threats can include a range of attacks which exploit a vulnerability in a system, such as: gaining access to confidential data; introducing malware to affect, change or corrupt the system and its data; or stealing your information for ransom.
Why should you worry?
For the most part, vulnerability scanners and antivirus software do not recognise zero-day threats, and do not have the tools to protect your device from them. Endpoint detection applications (commonly referred to as antivirus software) work by searching for threats that have already been recognised; they look for patterns of behaviour known to be suspicious or malicious. Since zero-day threats are brand new, your endpoint protection software will not be a good defence against them. New or innovative software can be more susceptible to zero-day attacks, as there may be vulnerabilities in the system that remain unknown to the developers until public release. This provides opportunities for new forms of cyber-attack to emerge, where there is not yet a suitable security patch available.
What can we do to protect against these threats?
When it comes to zero-day threats, users can either be a liability or an asset. As many zero-day ransomware and phishing attacks occur via email, the user is often the last line of defence. A well-trained user can identify and report the threat, providing vital information to cyber security services. However, an under-trained or misinformed user can trigger the attack by opening the link or attachments. Many cyber attacks rely on manipulating users, as they can be seen as security's weakest link. Security Awareness training shows users how they should behave when they come across these threats. Your company policies can form a good baseline for behaviour and security practices when you implement a security standard such as Cyber Essentials or ISO 27001.
The most important thing you can do to protect your assets from zero-day exploits is to prepare in advance, because once a threat occurs, there is no longer time to plan.
Cyber Coach Security Awareness Training can turn your team into a security asset rather than a security risk. Your staff are often the last line of defence against a cyber attack and can mean the difference between an attack failing or succeeding.