Zero-day exploits and what you can do about them
- Details
- Created: Wednesday, 05 May 2021
- Written by Paul Grigg
There’s always a gap between the discovery of a software flaw and a patch being released to fix it. A “Zero-day exploit” is when the bad guys exploit the flaw before the patch is available, usually before the hardware or software maker even knows the flaw exists. Antivirus, firewalls, web filtering etc, don’t protect you from them. A recent example was the Exchange Zero-day exploit in March 2021. Thousands of organisations were scrambling around when they discovered their Exchange servers were breached.
With organised crime and nation-state backed hackers on the attack organizations need to switch to a mindset that they will eventually be breached in some way. Organizations need to take steps to limit the damage from a breach. It's a bit like sprinklers, fire extinguishers and fire doors in a building. None of them prevent a fire in the first place but limit the damage.
Every organization is different, requiring slightly different strategies, but some that will apply to all are:
- Software to detect and disable intrusions hopping laterally from one device or system to others (Lateral Movement Detection)
- Remove admin rights on devices
- Remove admin rights on cloud/web services
- Limit access within line of business applications
- Structure files/folders and limit access
Engage telanova as your IT team and we will advise you on appropriate security strategies for your organization and implement them.
