By Dave Warner, Systems Engineer at Cenetric
It seems like we’re always telling you about this cybersecurity issue or that potential attack vector, doesn’t it? And as scary as these posts might get sometimes, that’s what we’re here for — to educate you so you can protect your business.
Today’s example of cybersecurity trouble: zero-day attacks.
Zero-day attacks vs zero-day vulnerabilities
A zero-day attack is a cyberattack that happens when a threat actor finds a zero-day vulnerability in a system and immediately exploits it.
That’s why it’s called a zero-day vulnerability — it takes a criminal zero days to act on it. No one knows it’s there, so there’s no fix. Since no one knows about it, it’s a bit of a race when it comes to who will discover it first. Will the system vendor find it and fix it with a patch — or will a threat actor uncover it and exploit it?
Finding zero-day vulnerabilities
Don’t let the name fool you — just because they’re exploited quickly doesn’t mean they’re found quickly. Just last month, the Trend Zero Day Initiative (ZDI) threat-hunting team found a vulnerability that had been used by criminals since 2017.
While it’s rare for a zero-day vulnerability to go undiscovered for years, it’s not unusual for them to take months to find. IBM’s 2024 Cost of a Data Breach study determined the average time to identify a zero-day vulnerability was 183 days. Once found, they took longer to contain than other types of attacks in IBM’s study, likely because they’re such a surprise to the vendors and businesses affected.
Preventing zero-day attacks
Zero-day attacks can happen in any device or system — from a browser to a Wi-Fi-connected thermostat — and can steal your company’s data, login credentials or banking information, or even spy on your activities. No vendor is 100% safe, and some of the software and tools we all use daily (like Microsoft solutions) are frequent targets.
The trouble is, since no one knows what these flaws are, you never know when they’re coming, which means you have to proactively work to prevent them. And while SMBs might seem like they’re less likely to be attacked, they often make better targets because criminals bet that they’ll have fewer protections set up. So let’s fix that.
Take action to protect your company:
- Make sure all your systems are updated to their latest version, including software, hardware, network, devices — all of it. Vendors make patches for newly discovered vulnerabilities available in these updates, so when you install them you can feel more confident you’re protected from the latest threats.
- Invest in a secure firewall. A hardware firewall is the best choice, but it is more easily managed by an IT professional than by a typical employee.
- Implement next-gen antivirus (NGAV) or endpoint detection and response (EDR) software. NGAV and EDR look at system behavior rather than specific code, so they can often catch and stop zero-day attacks because they notice when the computer is doing something out of the ordinary. These solutions don’t need to look for faulty code — they see strange activity and stop it. Leading NGAV and EDR software to consider: SentinelOne, Microsoft Defender for Endpoint, or CrowdStrike Falcon.
- Have a cybersecurity incident response plan in place and up to date. Knowing exactly how to act quickly during a stressful situation will cut down on your time to contain the incident.
- Get a cybersecurity insurance plan. If you don’t have one now, find one immediately.
An IT expert can help protect you from zero-day attacks
Your days are consumed with running your business, so you’re probably not well-versed in how to handle all this. Working with a managed IT services provider like Cenetric is the best way to get it all done so your company has the highest level of protection from zero-day incidents and other cyberattacks.
Even if you have an existing IT team, working with outside experts can take the pressure off your staff and cover areas like cybersecurity where they might not have as much experience. Through co-managed or managed services, Cenetric can help you stay ahead of threats.
Cenetric has the experience and availability to help you prevent an attack — or respond if you’ve already been hit. Let’s set up a time to talk about cybersecurity.