Australian organisations are feeling the sting of cyber crime more than ever. Threats like malware, ransomware, DDoS and phishing attacks are running rampant.
But another, perhaps lesser known threat that has become a growing concern in recent years is zero day exploits.
In 2015, Australia experienced a record 24 zero day vulnerabilities, according to CIO. In terms of creating and releasing patches, it took companies an average of 59 days – a dramatic increase from only four days in 2013.
So this is definitely something your company should have on its radar moving forward. You need to know how to protect yourself from zero day exploits and reduce your risk exposure.
Understanding Zero Day Exploits
To fully grasp this concept, it’s first necessary to understand what a zero day vulnerability is.
Simply put, this is a flaw or security hole in your software that your company is unaware of. For example, there may be faulty code that leaves your software susceptible.
A zero day attack is one that targets that flaw on the same day it becomes known, so there are “zero days” between the vulnerability being discovered and the attack being initiated.
In other words, the flaw is exploited by cyber criminals before your organisation is able to fix it. Once this happens, things can get ugly in a hurry, and you may have a full-scale cyber attack on your hands.
What Sparks These Attacks?
Here’s a common scenario. A single user discovers there’s a flaw in your software. They may first report their findings to your company so that you’re aware of it and can create and release a patch.
However, they may also divulge the details online via a blog, forum, etc. in an attempt to warn others. Often the motives are pure, and they’re simply trying to get the word out.
But this can create a major problem for your organisation. All of a sudden, a large volume of individuals are made aware of the flaw (including hackers). In some cases, hackers will be able to exploit it before your organisation has a chance to react, and an attack ensues.
While the ease with which information can be circulated online can be beneficial for software users – the recent macOS High Sierra bug is a good example – it can have disastrous consequences for businesses.
When sensitive information like this is made public before you have a chance to fix it, you may end up staring down the barrel of an ugly cyber attack. And this is definitely not the type of situation that you want to find yourself in.
How to Protect Your Organisation
Zero day exploits create a real quandary. Because they’re inherently difficult to detect, they’re often equally difficult to defend against.
Fortunately, there are several steps you can take to significantly reduce your risk.
For starters, you’ll want to install a robust firewall. This is a vital first step for protecting your system: the firewall acts as a barrier between your trusted, internal network and everything outside of it.
Not only does it help prevent unwanted intrusions, it also helps protect your organisation against a slew of other threats such as viruses, malware, ransomware, etc.
A virtual local area network (VLAN) allows you to segregate certain areas of your network so that you’re able to better protect sensitive traffic as it flows between servers.
TechTarget points out that this enables you to enhance security requirements without having to run new cable or make serious changes to your current network infrastructure. Instead, it relies on a system of Ethernet switches, which gives you control over how different systems communicate with one another.
By isolating that traffic in this manner, you’re not putting your network at unnecessary risk, which gives you an upper hand over cyber criminals.
Use a Security Alerting System
Having access to real-time data is essential. Any lapse in data on your end puts your company at risk and puts the power in the hands of cyber criminals.
A security alerting system such as a security information and event management (SIEM) platform is ideal because it keeps your organisation one step ahead of threats.
TechTarget explains that it works by aggregating data from several live security feeds. From there, it identifies any deviations that could be of concern and takes the necessary actions to protect your data assets.
For instance, if a potential threat is detected, a SIEM would log the activity, create an alert and ensure that security controls stop an activity’s progress. As a result, this greatly increases the chances of saving your organisation from a zero day attack.
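To make the aggregate-then-alert behaviour described above concrete, here is a small added example (not from the article or any SIEM product) that correlates two constructed log feeds: it baselines which hosts each account normally reaches, then flags connections to unfamiliar hosts shortly after that account authenticates and records a “block” action. Every account name, host name and log record below is constructed for illustration.

```python
"""Toy SIEM-style correlation over two constructed log feeds.

Added example, not part of the original article or any vendor product.
All host names, account names and log records are constructed.
"""
from collections import defaultdict

# Constructed historical firewall feed: (account, destination_host).
# Used to learn which hosts each account normally talks to.
BASELINE_FEED = [
    ("svc-backup", "files01"), ("svc-backup", "files02"),
    ("alice", "crm01"), ("alice", "mail01"),
]

# Constructed live feeds; timestamps are seconds since an arbitrary epoch.
AUTH_FEED = [                    # (ts, account, source_host)
    (100, "alice", "wks-17"),        # routine login
    (200, "svc-backup", "wks-42"),   # service account used interactively
]
FIREWALL_FEED = [                # (ts, account, destination_host)
    (110, "alice", "crm01"),         # within alice's baseline
    (205, "svc-backup", "files01"),  # within baseline
    (210, "svc-backup", "hr-db01"),  # deviation: never seen before
    (215, "svc-backup", "fin-db01"), # deviation: never seen before
]


def build_baseline(feed):
    """Map each account to the set of hosts it has historically reached."""
    baseline = defaultdict(set)
    for account, host in feed:
        baseline[account].add(host)
    return baseline


def correlate(auth_feed, fw_feed, baseline, window=60):
    """Return alerts for connections to non-baseline hosts made within
    `window` seconds after an authentication by the same account.
    Each alert carries the control action the SIEM would trigger."""
    alerts = []
    for ts, account, source in auth_feed:
        for fts, facct, dest in fw_feed:
            if facct != account or not ts <= fts <= ts + window:
                continue
            if dest not in baseline.get(account, set()):
                alerts.append({"account": account, "source": source,
                               "dest": dest, "ts": fts, "action": "block"})
    return alerts
```

Running `correlate(AUTH_FEED, FIREWALL_FEED, build_baseline(BASELINE_FEED))` yields two alerts for `svc-backup`, while alice’s routine activity produces none.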
Limit Network Privileges
Here’s an unsettling statistic: in 2015, 60 percent of cyber attacks were inside jobs, meaning they were carried out by individuals within organisations.
Often the biggest danger isn’t a malicious outside threat. It’s the individuals within your company who seem most trustworthy.
This is difficult for a lot of companies to digest. After all, if you can’t trust your own team members, who can you trust? But it’s a reality that you would be foolish to overlook.
One way to minimise the threat of an “inside job” is to simply limit network privileges. In other words, only give individuals access to the tools and data that they need to perform their duties and nothing else.
Also, be especially careful about who is given admin-level access. If this winds up in the hands of the wrong person, it can quickly open a can of worms. You may even want to do an extensive background check on a person before they can be an admin.
This is just good common sense and another effective way to reduce the attack surface.
Establish Policies on Application Usage
Your team members may use a wide range of applications on any given day. Whether it’s looking up customer data on CRM software or uploading data to a cloud-based platform, applications are integral to most 21st century businesses.
But this can be a double-edged sword. Although it can help improve communication, collaboration and efficiency, it can also leave you susceptible to zero day exploits.
After all, the more applications your organisation uses, the larger your attack surface becomes.
Therefore, it’s a good idea to have policies in place that dictate which specific applications employees can use and download. Keeping that number to a minimum, using only what you really need and controlling what can be downloaded ensures that you’re not putting your organisation at unnecessary risk.
Participate in a Bug Bounty Program
Here’s another option that’s a bit less conventional but nonetheless effective. It works like this.
You partner with a vendor that runs a bug bounty program where crowdsourced testers thoroughly explore your software with the sole purpose of identifying bugs. These testers are known as ethical or “white hat” hackers who report vulnerabilities that could potentially be exploited.
Whenever they find an issue, they will document their findings in reports. From there, you have access to those reports and are given suggestions on how to resolve the issues.
Testers have a strong incentive because they are rewarded (often financially) for their services. The amount they earn typically depends on the size of an organisation and how big of an impact the bug would have if exploited.
Perhaps the biggest benefit of a bug bounty program is that it gives you access to a large pool of experienced testers, which means that major issues are often found in a timely manner. This of course is important when it comes to zero day exploits because the clock is your enemy.
This should go without saying, but it’s imperative that your organisation remains up-to-date with patches. Remember that time is always of the essence.
The moment that a patch becomes available for a security hole, it should be applied immediately. Although this won’t 100 percent guarantee that a zero day exploit won’t occur, it makes it much more difficult for perpetrators to carry out an attack.
Covering All of the Bases
Is there a magic bullet for preventing zero day exploits from happening?
Unfortunately not. But these techniques are certainly a step in the right direction and will diminish your threat level considerably.
Like most forms of cybersecurity, it’s all about taking a comprehensive approach that covers all of the bases. While using a single strategy may have some impact, using multiple strategies like the ones listed here should be highly effective and make sure that your organisation is always a step ahead of cyber criminals.
How prepared is your organisation to battle cyber attacks like zero day exploits? Please share your thoughts and concerns:
In today’s world, businesses around the world, as well as in Australia, face increasingly sophisticated and innovative cybercriminals targeting what matters most to them: their money, data and reputation. Download our guide to learn everything you need to know about the Optus Data Breach, as well as the nine steps every business around the world and in Australia needs to take to avoid being next.