Once upon a time, there was the zero-day vulnerability. Then came zero-hour vulnerabilities; now the time to attack is shrinking, and exploits against vulnerable systems happen in minutes, not days. When Microsoft announced a zero-day vulnerability in Exchange Server, it took only five minutes before the Hafnium hacking group began its scan for vulnerabilities.
As the timeframe to attack shrinks, what can you do to protect a device or network from zero-day cyberattacks?
To recap, a zero-day vulnerability or zero-day threat is a common phenomenon. If you look at how software and hardware are developed, it becomes clear why. Development is a process. It begins with understanding requirements, then moves on to designing user journeys and the component architecture, developing code, and so on. Each part of the process is open to built-in flaws because of the complexities and interdependencies of the moving parts. Rigorous testing helps but cannot completely eradicate the possibility that a flaw will slip in. Consequently, vulnerabilities are so common that a recent study from security testing firm Veracode found at least one security flaw in 76% of apps.
The name zero-day refers to the fact that the vulnerability is a recent discovery so that