Zero-day attacks are one of the most dangerous cyberthreats out there, but not because they’re overly common: Google detected 24 in 2020 and 20 the year before. Zero-days may be rare by cybercrime standards, but they’re incredibly effective when exploited. Of the 24 zero-day attacks Google tracked in 2020, the majority hit browsers. (So yes, you do want to hit “Update” every time Chrome offers the option.)
What Is a Zero-Day Attack?
Unlike most other cyberthreats, a zero-day exploit isn’t any specific brand of malware or targeted attack. It just means it’s a weakness so far unknown to the software developer or cybersecurity vendor. Normally when bugs or security flaws are found, they’re quickly patched—which is why it’s critical to keep up with software updates. Zero-days aren’t yet discovered, so they aren’t patched, leaving an open gate for the hackers who discover them. No need for a giant wooden horse when Troy isn’t expecting Greeks at the gate in the first place.
Together with fileless malware, zero-days take the top spots on cyberthreat lists. Back in the day, most cyberattacks targeted a network. Now, particularly with a growing remote workforce, endpoints (aka your computer or phone) are heavily targeted.
"76 percent of successful attacks leveraged unknown and polymorphic malware or zero-day attacks, making them four times more likely to succeed in compromise compared to traditional attack techniques."
–The Ponemon Institute on its 2018 State of Endpoint Security Risk report
It’s one thing to know you have a bug and start looking for the source. It’s another to protect yourself against flaws that you don’t even know exist. So how do you prevent zero-day attacks?
Zero-Day Attack Prevention
There’s no single way to guarantee you can block zero-day exploits. The best you can do is to continue to educate yourself on the latest security measures and build a solid arsenal of protection tactics. First up: penetration testing.
Penetration Tests
The first and most crucial step, from which all others follow, is to run penetration tests. Pen tests, also known as ethical hacking, essentially stress test your security. If you remember The Italian Job, Charlize Theron’s character was hired to break into safes to test their strength. This is the less heist-y, more business protection side.
After every pen test, identify your weaknesses and prioritize the fixes by highest risk and easiest to handle. It doesn’t hurt to keep track of each discovery so that over time, you can pinpoint common themes or habits, helping you flag future issues earlier. The faster you can close security gaps, the better.
Declutter and Patch Software
After the prioritized fixes, take stock of any old software that’s no longer supported. If you know your data privacy law—which you should—this is just like disposing of data once it’s no longer in use. Outdated software is a minefield for cyberattacks; it’s not subject to new patches and is likely riddled with security holes. Don’t let it sit there tempting hackers. Be proactive and deactivate it to stop any cyberthreats in their tracks.
Lastly, and frankly most obviously (but reminders don’t hurt!), stay on top of patches. Particularly as a consumer, patches are the strongest security tool in your arsenal. We all know this, but it’s easy to forget.
Next Generation Antivirus (NGAV)
NGAV started getting traction in 2017 after a flurry of cyberattacks on big names garnered media attention. We learned that threats had evolved past traditional antivirus capabilities. Namely, the antivirus that comes standard with most machines works by scanning files and looking for known malware. But newer types of malware, and in particular, fileless malware which by nature bypasses antivirus software, called for an upgrade. And as mentioned earlier, cyberattacks trend toward endpoints now rather than networks. That shift puts new weight on individuals to protect their devices rather than assuming the network techs at our offices are handling firewalls and other protections on their own. Of course, that doesn’t mean strong network security no longer matters. Rather, we just need to expand our views on security standards to keep up with the changing field.
NGAV fills the gaps left by old antivirus by incorporating newer technology trends like machine learning and data science. Instead of simply scanning files hoping to catch a Trojan already in place, NGAV works more proactively.
As with many emerging technologies, there’s no single definition for NGAV. Some may use artificial intelligence, some not. It’s so far roughly defined as supplementary to regular antivirus thanks to a focus on endpoint protection and one if not more of the advanced features available to us today. The bottom line is that regular antivirus is passive, acting after the threat becomes real. NGAV, as it develops, theoretically should help identify and mitigate threats before they take root.