Just like its biological counterpart, digital DNA is so complicated that it naturally contains vulnerabilities even the most dedicated engineers miss. Attackers who find such a flaw before the vendor does can write an exploit for it and use it while no fix exists. Because the vendor has had zero days to address the flaw by the time it is exploited, it is called a zero day vulnerability, and an attack that uses it a zero day threat. It can happen before a product ever reaches users or years after release; what defines it is that no patch exists when the exploit is used.
Zero day threats are among the most insidious of all cyberthreats because, most of the time, you won't see them coming; by the time you do, the exploit is already in use.
Zero Day Threats in the Brand Era
Software, services, and platforms released to developers or consumers get one chance to make a first impression. A zero day threat can quickly propagate throughout your user base via a compromised product, turning devices into DDoS relays, stealing personal information, and more, and the damage to your reputation can be catastrophic.
Additionally, it will be a vulnerability you didn't even know about, leaving you to scramble to find it and issue a patch; by that time, jittery potential customers may be long gone.
One of the properties of a zero day threat is the vulnerability window: the period between the first exploitation of a flaw and the availability of a patch (and, in practice, its deployment, since a patch that nobody has applied closes nothing). Most high profile zero day attacks are designed to do the most damage in days or even hours, but plenty of others run undetected for extended periods (even years), coming to life to do their damage and falling idle again.
Combating Zero Day Threats
As with any cyberthreat, the best way to protect the network is to be proactive with security: keep antivirus and firewall technology up to date and install patches and updates as soon as they are available. Patching cannot close a hole nobody knows about yet, but it keeps the vulnerability window as short as possible once a fix ships.
If the worst happens and you do fall victim, you'll be able to minimize the damage if you've prepared beforehand. Have a workable and well-rehearsed incident response and disaster recovery plan.
A crucial part of mitigation is clearly designed and understood access control. In today's enterprise, staff at multiple levels access documents and files using both sanctioned devices and their own bring-your-own-device (BYOD) tools, and without clear lines of who gets access to what, damage from an exploit can spread even faster. The less each account and device is allowed to reach, the less an exploit running as that account or on that device can reach.
Ultimately, you're putting your network's viability in the hands of your customers. You need your patch to propagate as quickly as possible to shut down the spread. That means making a strong enough case to your users and ensuring everybody knows (yes, announcing your failure from the rooftops for all to hear, and taking the hit to your reputation that follows) that the patch is available and necessary.
Where Zero Day Threats Will Lead Us
Like all cybersecurity hazards, zero day threats are growing. Because of the varied and widespread attack vectors involved, they are also going to be the vanguard in the security arms race. They can be deployed by directly attacking a corporate server, by planting malicious code on a web page to snag innocent passers-by (without the website owner's knowledge), and by almost anything in between.
One of the most important paradigms in coming years will be the proper demarcation of data and applications. In an era where your company's information might live on the same host or rack as that of dozens or hundreds of others at a cloud service, many of them deployed as virtual servers or desktops built from identical operating system images, the protective walls between tenants matter far more: an exploit that works against one image works against every copy of it, and a weakness in the isolation layer gives a zero day threat the means to spread much farther and much faster.
Insist that your IT department or cloud provider commit to firm SLAs around isolating your environments and, if necessary, immediately cutting them off from the outside world if the worst happens. When it comes to stopping and containing zero day threats after the fact, countless metaphors about bolting horses and closed gates have been invoked; containment has to be designed in before the incident, not improvised during it.
Zero day threats will become more widespread simply because of the variety of attack vectors and functions they serve, and vigilance, as always, is key. Even if your processes and applications are virtually impenetrable and you are unlikely to be affected directly, an attack on another customer using the same cloud service as you will affect network health and performance overall. It will also impose costs, both in response times and money, that your provider will ultimately spread among its entire customer base, including you. That makes zero day threats everybody's problem, and the enterprise networks of tomorrow will thank us for joining the fight.