The Zero-day Threat – What can you do about it?

In the first part of this series looking at the Zero-day threat we defined what the threat is and how it causes a gap in your technical cyber security defences. In this part we are going to look at some of the simple mitigations you must have in place for the Zero-day threat.

What you must do about the Zero-day problem

The problem is trying to defend against the unknown! What you need is a security plan that will reduce the impact of a Zero-day attack that exploits a flaw in the software or firmware you use.

Zero-day: reduce the attack surface

As we discussed, the problem lies with a vulnerability in one of your systems that the vendor is unaware of but the threat actors have weaponised and are secretly exploiting. Here are a few of the basics to get right.

Only use what you need

What do I mean by that?

  • Control the software and hardware in use in your organisation. Do not allow your team to start using new hardware or software without going through a process to see if there is something already in use that does the same job. If a new product is going to be used, due diligence must be carried out on the vendor and product.
  • Remove redundant hardware and software from your systems as soon as possible.
  • Do not use end-of-life software or hardware.
  • Manage all credentials.
  • All of this should be tracked in your Cyber Security Master Document.

Patch, Patch, Patch

Patching closes the Zero-day threat and risk by fixing the flaws that threat actors may be exploiting. It is obvious that you need to patch and update as soon as possible. (NCSC, 2021)

  • Have a patch management policy in place.
  • Set automatic updating wherever possible.
  • Keep updated with the cyber security news about your products (https://smartthinking.solutions/)
  • Communicate to your team how important it is that patches and updates are applied ASAP.
  • Use an RMM tool to check that the updates have been done.

Training

You are trying to prepare for the unknown here. Some cyber security awareness training for your team will help them be aware of a range of cyber security issues and how they can help to defend against them. This should include patching and being vigilant for odd happenings that may indicate a successful attack.

Culture and Blame

These are important; here is why:

Zero-day attacks – what’s next

The above advice is what you can implement immediately. In part three we are going to look at some advanced tools that can help you (or a cyber security analyst) recognise a possible attack.

Clive Catton MSc (Cyber Security) – by-line and other articles

References

NCSC. (2021). Install the latest software and app updates. NCSC. https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/install-the-latest-software-and-app-updates

Further Reading

The Zero-day Threat – What is it? | Smart Thinking Solutions

Practice Drinking Coffee* better known as Planning and Preparation | Smart Thinking Solutions