How to address the continued rise of zero-day exploits


Zero-day exploits have been on the rise in recent years to the point that they’re simply normal in a hyperconnected society. But the way in which these attacks are approached, by cybercriminals and cybersecurity experts and organisations alike, continues to evolve, especially as businesses in Australia and New Zealand look set to continue with a work-from-home model into the future. Organisations must understand how these attacks work so they can take appropriate measures to defend themselves while still delivering the flexibility required to let employees work remotely for the long term.

A zero-day exploit takes advantage of a security vulnerability to attack users before the software creator can release a patch. Because the software flaw is so new, attackers have a unique but limited window in which to launch an attack.

The COVID-19 crisis, for example, has helped to highlight potential security vulnerabilities to many organisations after the mass transition to remote working. Many of the new devices and access points, especially those for users, may not have been incorporated into patch management programs previously. This has the potential to leave many organisations vulnerable to attacks.

The shift in working environments has also led cybercriminals to closely monitor many platforms, particularly collaborative and video networking technologies, for new opportunities.

Vulnerabilities across these platforms already present a risk to businesses. But the increase in potentially vulnerable and unpatched endpoints means there is now an increased attack surface to be exploited. With working from home likely to become the new normal even as physical workplaces start to open back up, cybercriminals will continue to evolve their attacks and take advantage of these opportunities.

For example, organisations that turned to quick fixes for security vulnerabilities at the start of this crisis now face mounting pressure to stabilise their security measures.

It’s critical that companies take the opportunity to think more strategically about how to best protect their business both now and into the future. This strategy needs to involve generating more visibility and cohesion across the wider network and investing in technologies that will support this.

Evolving technologies have increased the risk to organisations but they can also provide a greater level of protection against threats. By using integrated cybersecurity approaches that defend against anomalies in the system, organisations can take a more robust approach to cybersecurity.

Interconnectivity between security systems is critical in defending organisations against increasingly sophisticated cyberattacks. By using more integrated processes, cybersecurity systems can share information about incidents and events, then analyse and correlate that data for stronger protection. This interconnectivity will lead to more advanced cybersecurity systems that can hunt for, detect, and respond to security events and breaches.

However, technology isn’t the only solution to sophisticated cyberattacks. It’s critical that organisations be more strategic about their cybersecurity approaches and continually assess their defences. Investing in ongoing employee training programs, running regular incident response drills, and conducting wargames can lead to continued learning from previous and anticipated attacks and breaches. Working with partners that can assist in strengthening cybersecurity capabilities is also an essential step that can help businesses combat the rise of zero-day exploits.

Jon McGettigan, Regional Director – Australia, New Zealand, and the Pacific Islands, Fortinet