By Sundar Balasubramanian
Cyber criminals are increasing their use of zero-day vulnerabilities, reflecting a shift in attack techniques. We’ve only just begun to see the impact. Here’s what we know and how you can take proactive measures that can change outcomes:
Although leveraging zero-day vulnerabilities isn’t new, ransomware groups are now actively searching for zero-day vulnerabilities to exploit, as they allow for efficient compromise of hundreds or thousands of organizations simultaneously. Such cyberattacks will see increases – as per Check Point’s Threat Intelligence Report, in India, an organization in India being attacked on average 2146 times per week in the last 6 months, compared to 1239 attacks per organization globally. With cyberattacks coming in from multiple vectors, managing the risk of such zero-day attacks requires prevention, not just detection, a philosophy Check Point have adopted as the basis of our solutions and where we have been nominated as the leader with highest catch-rate for several years now.
In July, the MOVEIT Transfer attack made it apparent that zero-day vulnerabilities can result in the compromise of 2,100 organizations at once and millions of dollars’ worth of damage. In order to mitigate risks associated with zero-days, follow these zero-day attack prevention tips:
10 top zero-day attack prevention tips
- Vulnerability scanning. Vulnerability scanning can detect some zero-day exploits. However, scanning alone isn’t enough. Organizations need to act on the results of a scan, perform code review and sanitize code accordingly. The entire process can be time-consuming and can provide windows of opportunity to hackers. As vulnerability scanning alone isn’t sufficient, keep reading…
2. Patch management. Effective patch management is critical when it comes to preventing zero-day threats from being exploited. But, manual patch management can be time-consuming and tedious. Enterprises with a large number of endpoints should consider streamlining patch management through automation.
With automated patch management, the entire patch process – from identifying where patches are missing, to testing patches, to deploying them, to updates and producing reports – becomes easier. Automation means that organizations can conserve human resources, improve their security posture, and elevate system integrity.
- Firewall.A firewall will review all incoming and outgoing network traffic based on predetermined security rules, filtering out malicious inputs that might target security vulnerabilities.
- Advanced threat intelligence. Invest in advanced threat intelligence services in order to get real-time information about emerging vulnerabilities.
- XDR/XPR.Extended Detection and Response (XDR) and Extended Prevention and Response (XPR) technology integrates data from a variety of sources to offer a comprehensive overview of an organization’s cyber security posture. In turn, security teams can detect and respond to threats more quickly and effectively than they would be able to otherwise, helping to prevent zero-day attacks and other emerging threats.
- Cloud-specific measures.Extend your zero-day prevention efforts to cloud environments. Implement cloud-specific cyber security measures, such as Security Information and Event Management (SIEM), data encryption, configuration management best practices, cloud-native security tools and zero-trust for cloud.
- Consolidation. A unified security platform is essential in preventing zero-day attacks. A single solution that offers visibility and control across an organization’s entire IT ecosystem has the context and insight required to identify a distributed cyber attack. Further, the ability to perform coordinated, automated responses across an organization’s infrastructure is helpful in thwarting fast-paced zero-day attack campaigns.
- Incident response plan. Every organization needs an incident response plan – one that provides instructions around discovering and containing cyber vulnerabilities and threats.
When creating an incident response plan, include a mission statement, formal documentation around roles and responsibilities during a possible attack, a recap of primary cyber threat vectors likely to affect a given organization, policies around making payments to cyber attackers, incident classification guidelines and under what circumstances an incident must be reported to law enforcement (and how quickly).
- Data backups.A strong data backup system means that an organization will be able to efficiently recover from threats, including exploited vulnerabilities. Avoid catastrophic levels of damage. Follow the 3-2-1 rule. Reliable backups are arguably worth their weight in gold. They also provide peace-of-mind.
- Third-party risk management. Ensure that your third-party business partners are enforcing standards that proactively protect your business. In addition, consider standardizing your third-party risk management process (instead of using spreadsheets and consequently chasing business partners via email in the event of a major security threat).
More information
Zero-day attacks aren’t going away anytime soon. Looking for additional insights? The advice provided by the Cybersecurity and Infrastructure Security Agency (CISA) in its Shield Up program, is great for organizations that want to build cyber resilience. You may also be interested in CyberTalk.org’s The Case for A Prevention-First Approach whitepaper.
(The author is Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies, and the views expressed in this article are his own)
