Your business is vulnerable to zero-day attacks, but here's a solid game plan that'll change that
As small- and medium-sized businesses get better at managing and maintaining their computer systems, zero day exploits are becoming a more popular way to hack…
Zero day attacks come out of nowhere, taking advantage of a vulnerability in a piece of software and exploiting it for all it’s worth before a patch is made available. They happen on the exact same day that a weakness is spotted. While sometimes these vulnerabilities are caught by users or white hat hackers (see our blog on the Types of Hackers) and reported, more often than not a malicious hacker will find the flaw first and quickly exploit it. And when they do, there’s very little to stop them.
Zero day exploits are big business, with cyber criminals potentially getting a huge payout upon finding a flaw. Millions now go into spotting weaknesses before a criminal does, but these attacks are still occurring at a growing rate. Unfortunately, most of the time hackers spot the exploit before anyone. A recent example occurred in April 2017, when it was discovered that hackers had been exploiting a flaw in Microsoft Word since January. The attack allowed hackers to phish financial details off infected computers without anyone’s knowledge.
While an attack is over as soon as a patch is made and distributed, recent research by the Rand group found that the average life expectancy of this type of exploit was seven years, meaning that a lot of the vulnerabilities are being left unfixed or unfound for a long time. And unless all the people (stakeholders and suppliers) you work with have the same security solutions as you, and are keeping up with patching, you could remain at risk for a much longer time than you’d like.
While it is impossible to predict when an attack will happen or how much damage it will cause, there are some key actions you can take to protect your business.
Here’s your solid game plan to protect against zero day attacks…
1. Streamline patch management.
Time is of the essence when it comes to zero day vulnerabilities. As such, you need a strong patching policy that is applied consistently. This won’t stop attacks, but it will ensure you are protected as soon as a patch appears, and it is good practice to implement within any business.
2. Turn off software deemed vulnerable and reduce your attack surface.
Inevitably, some software is more likely than others to be the victim of a zero day exploit. For example, there’s the oft-maligned Adobe Flash, which according to Symantec accounted for 19% of 2015’s zero day attacks. Disabling these vulnerable programs will go some way to keeping you safe. Similarly, using less software on the whole will limit your risk of being breached.
3. Get rid of any applications that you no longer use.
Don’t leave unused software on your systems to stagnate. Conduct a regular assessment of the applications you use and how many are old or redundant. Remove those you no longer need. Unused apps are the perfect place for an attack as you may forget about them and leave old un-updated versions on your system.
4. Thoroughly check new technology.
Whenever you decide to use a piece of new technology or software in your office, ensure it is thoroughly vetted before use. Once vetted and approved, implement a security plan for every single piece of new technology you bring into your business so that as long as it is being used it is being kept up to date and supported.
5. Employ application whitelisting.
Controlling applications in this way allows you to create a store of allowed executables, which prevents any program (whether it is known or not) from launching unless it has explicit admin authorisation. This allows computer monitoring in real time, and when used with an active protection tool that spots anomalous or malicious activity, will give you the best possible defence.
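The default-deny decision described in step 5, as an added example that is not from the original article or any vendor product. It keys the allowlist on SHA-256 content hashes, so the rule follows a file's contents rather than its name, and an updated binary is denied until an admin re-approves it. The `Allowlist` class, file names and labels are hypothetical, and the files are constructed stand-ins for executables.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash file contents in chunks so large executables are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class Allowlist:
    """Hypothetical allowlist store: SHA-256 digest -> label set by the approving admin."""
    def __init__(self):
        self._approved = {}

    def approve(self, path, label):
        """Admin action: record the digest of the file as it exists right now."""
        self._approved[sha256_of(path)] = label

    def decide(self, path):
        """Default deny: only content whose digest was approved may launch."""
        try:
            label = self._approved.get(sha256_of(path))
        except OSError:
            return ("deny", "unreadable")
        return ("allow", label) if label is not None else ("deny", "not on allowlist")

def write(path, data, mode="wb"):
    with open(path, mode) as f:
        f.write(data)

def demo():
    """Run the policy over constructed sample files and return each decision."""
    with tempfile.TemporaryDirectory() as d:
        app, copy = os.path.join(d, "reader.exe"), os.path.join(d, "renamed.exe")
        write(app, b"constructed build 1.0")
        write(copy, b"constructed build 1.0")
        policy = Allowlist()
        policy.approve(app, "reader 1.0")
        results = {"approved": policy.decide(app),
                   "renamed_copy": policy.decide(copy)}  # same bytes, different name
        write(app, b" + update", mode="ab")  # approved path, changed content
        results["modified"] = policy.decide(app)
        results["missing"] = policy.decide(os.path.join(d, "absent.exe"))
    return results

if __name__ == "__main__":
    print(demo())
```

Because every legitimate update changes the digest, re-approval has to be part of the patching routine from step 1, otherwise patched software is blocked or staff work around the control.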
6. Start using behaviour-based anti-virus software.
Heuristic programs (ones that detect threats based on behaviour) are considered better at spotting malicious attacks than the traditional signature-based anti-virus programs. Also look out for software that includes a good Host Intrusion Prevention System (HIPS).
7. Sign up to as many threat intelligence platforms as possible.
Being the first to hear about a zero day threat will mean you can more quickly and easily prepare the business to take action against it if necessary. Selecting the right threat intelligence provider for your organisation can take some time. Start with a needs analysis, to assess your business’ processes, IT structure, and security situation, and develop a clear idea of what intelligence you’ll need. Then search for a provider which best fits your requirements.
8. Consider security information and event management (SIEM) software.
When installed correctly, SIEM software can supply real-time analysis of your network, which may save you from suffering a full-blown zero day attack. While these platforms initially only catered to large enterprises, small and medium-sized businesses can now benefit from the protection they provide. The latest software providers will allow your business to keep a better handle on your security by streamlining compliance reporting, detecting incidents that would not otherwise have been spotted, and improving the efficiency of how incidents are handled.
As the digital world grows and evolves, cyber criminals are getting smarter and sneakier with their methods of attack, and getting your security game plan down is more important now than ever before. At Xenace, we ensure our cyber security solutions keep you as protected as possible from attack. If you’re worried about the risks to your business, contact us now to have a quick chat about how we can help.