We don’t know what we don’t know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage. They’re a threat actor’s dream, creating the perfect storm of downtime and panic.
With the element of surprise on an attacker’s side, it can feel like security teams are at a total loss when it comes to these types of threats, but that doesn’t mean there aren’t steps that can be taken to prepare for such an attack. The truth is that these attacks aren’t much different than more well-known tactics and shouldn’t require special treatment – so long as the right security fundamentals are in place.
Boiling down the basics
At its core, a zero-day attack has the same end goal as most other attacks. Threat actors take advantage of a weakness in security to gain access, but that is only the initial foothold, with the real damage coming after they get in. Once files have been encrypted, data has been leaked and money is being demanded, there is much more for security teams to worry about. But what if it never got to that point? To make this possible, security teams must ensure the organization’s security posture is equipped to mitigate the extent of a zero-day.
Essential security practices and tools such as an emergency response plan, inventory of systems and software, constant scanning and monitoring, segmentation and tabletop exercises are all key elements a security team should already be implementing. Without these basic best practices in place, the incident can progress as attackers create admin accounts, move laterally within systems, and cause an extensive security nightmare.
Not if, but when
Part of preparing means setting realistic expectations when it comes to the likelihood of an attack. While no one wishes for a cyberattack, an organization is likely to experience one sooner or later. That’s why it pays to be ready.
Organizations need to shift from a prevention mindset to a resilience philosophy, because at the end of the day it is impossible to stop every attack from happening, especially when it comes to zero-days. While stopping these attacks might not be possible, mitigating them is. Planning is a key factor and being prepared will put both business leaders and security teams at ease with the knowledge that they will handle a threat accordingly when the time comes.
First and foremost, security teams must identify if they’re vulnerable to the particular exploit. This should be easy if an organization’s defenders have an accurate and updated inventory of systems and software as well as awareness of the org’s attack surface. Case in point: the extent of the Log4Shell vulnerability is still unknown as security teams continue to find Log4j in their assets. With this awareness, teams can respond in a timely manner when mitigating steps are released.
If a software or system has been compromised, it’s more challenging to identify the initial attack vector because of the unknown nature of the vulnerability. Even though the source of the bleeding can’t immediately be identified, there are ways to prevent complete loss. This is where a plan is crucial to guide personnel on next steps. With the proper controls in place, along with a plan, organizations can optimize the best-case scenario given the situation.
Eye on the prize: A good foundation goes a long way
By nature, zero-days create a sense of uncertainty for security teams and business personnel. Rather than focusing on what can be done to stop it from happening, a more valuable use of time and resources would be to ensure exposure is limited. Good security practices are important regardless of how the attack happened in the first place.
For example, practicality and preparedness make for a perfect combination when it comes to mitigating cyber attacks. As headcount shortages in cybersecurity continue, monitoring and responding to every alert becomes more challenging. Attackers already have the upper hand in a zero-day attack, that’s why strong incident response procedures can help teams utilize resources effectively and efficiently to minimize damage.
Bottom line – fundamentals matter.