Matias Madou from Secure Code Warrior explains how organisations can build resistance to zero-day exploits.
The primary goal of any security team is to keep cyber criminals out of their organisation’s security infrastructure. This is achieved by deploying tools, monitoring their performance and remaining vigilant.
While this approach is great at preventing known threats, it’s insufficient when unknown threats appear. Many of these threats are known as zero-day attacks.
By their very definition, zero-day attacks give security teams zero days to find and patch systems because the attacker managed to get in first. Attackers do this by taking advantage of a vulnerability that was not previously known.
Zero-day cyber attacks have been an increasing issue for organisations for many years, and the problem is not going away. In 2020, a study by the Ponemon Institute found 80 per cent of successful data breaches were the result of zero-day exploits.
Money, money, money
Because they can be so effective, zero-day exploits can command sky-high prices on the dark web. One example, listed with a price tag of US$2.5 million, was apparently an exploit of Apple iOS.
This hefty price comes as little surprise as such an exploit could wind up being the gateway to compromising millions of devices and harvesting billions of sensitive data records.
Those with the deep pockets needed to make such a purchase tend to be organised cyber crime syndicates. However, global governments and defence departments are also among the clientele for exploits they can use for threat intelligence.
Unfortunately, there is no way for an organisation to be fully protected against a zero-day attack, but it can “play the game” to some degree by offering a generous and well-structured bug bounty program.
Instead of waiting for a cyber criminal to post details of an unknown vulnerability, proactive organisations can encourage legitimate security buffs and offer them decent rewards for ethical disclosure and potential fixes.
Choose the right tools
Another important step to take when protecting against zero-day threats is to ensure your security team has access to the right tools for the job. Cumbersome security tooling has been an issue for a long time, with research showing the average CISO has to manage anywhere from 55 to 75 different tools. Aside from this being a confusing situation, a Ponemon Institute study found 53 per cent of enterprises aren’t even confident those tools are working effectively.
In a field suffering from an acute shortage of skilled staff and widespread team burnout, forcing security teams to work with information overload in the form of data, reporting and monitoring of huge toolsets causes additional burdens. It’s exactly the type of scenario that can cause them to miss a critical alert.
Many code-level vulnerabilities are actually introduced by developers, and they need precision guidance and regular training to help build secure coding skills. Beyond that, more advanced secure developers should also be given the opportunity to learn and practise threat modelling as part of their software creation workflows.
The people who know their software best are the developers who created it. They have powerful knowledge of how users interact with the code, where the features are used, and the potential scenarios in which it could break or be exploited.
The best security programs also have an emotional component, with human intervention and nuance at the heart of the problem-solving process. Effective threat modelling takes empathy and experience, as does secure coding and configuration at the architectural level of software and applications.
The importance of patching
As well as these factors, it’s also vital that organisations get patches for vulnerabilities out as fast as possible and installed in every location the software is being used. Unfortunately, there are many instances where a patch already existed, yet the organisation still suffered a successful attack because that patch had not been deployed.
By focusing on the threats posed by zero-day attacks, properly training and equipping security teams, and remaining constantly vigilant, organisations can have the best possible chance of avoiding becoming a victim of a zero-day exploit.
Matias Madou is the co-founder and chief technology officer at Secure Code Warrior.