In an increasingly hyper-connected, ever-evolving digital age, cyber security has never been more important — and if you’re a small- to medium-sized business owner, this applies to you, too. That said, one of the most prevalent and threatening of all cyber violations is something called a zero-day attack.
To put this very real and potentially devastating threat into perspective: In 2017, zero-day attacks rose from eight in 2016 to a worrying 49. And when this form of cyber violation became more prominent in 2016, several vulnerabilities were discovered in Adobe products (135), Microsoft products (76) and Apple developments (50).
So, what is a zero-day attack, exactly? Let’s explore.
The zero-day attack, explained
With the continual evolution of digital technologies and interconnected networks such as the Internet of Things (IoT), the threat of a devastating zero-day attack is rising — so understanding, as well as protecting yourself against, these acts of cyber terror is essential.
At its core, a zero-day attack targets a weakness within a network or software program. When a zero-day attack occurs, it's typically because a hacker identified a vulnerability before system operators or software developers did.
Occasionally, even if these vulnerabilities are identified swiftly, hackers manage to make their move before the programmers or developers even have time to react — causing significant loss and damage as a result.
The term zero in zero-day attack comes from the fact that hackers quickly identify a weakness in a piece of software — for instance, instantly after it's launched or upgraded. And this branch of cyber attack is usually conducted with malware, meaning it can cause an incredible amount of devastation in a short space of time.
To paint a clearer picture, here are two real-life examples of the zero-day attack:
Sony
In late 2014, media giant Sony Pictures Entertainment endured a large-scale zero-day attack. While the specific vulnerability that hackers leveraged remains unknown, this is still considered the worst corporate cyber-attack of its kind in history.
A team of hackers called the Guardians of Peace crippled Sony’s primary network and released a host of sensitive corporate data on public file-sharing sites. The files included four unreleased feature films, private business plans, contracts and the personal emails of all top executives.
The hackers claimed they had grabbed almost 100 terabytes of data over the several weeks they hit Sony’s network. Surprisingly, the motivation for the attack wasn't gaining a monetary profit for themselves. On the contrary, the group claimed that the movie "The Interview," a film based on a CIA-backed plot to assassinate North Korean leader Kim Jong-un, shouldn't make Sony any profit — whatsoever.
Hence the attack.
DNC
The Democratic National Committee (DNC) was hit by a zero-day attack that resulted in the release of, and tampering with, the group's most critical data.
In this instance, there were approximately six vulnerabilities exploited by hackers in a successful bid to gain access to the stolen data. The vulnerabilities — found by state-backed Russian hackers in Microsoft Windows 10, Adobe Flash and Java — were responsible for the zero-day attack. And to achieve their goal, the group engaged in a spear-phishing campaign.
In a spear-phishing campaign, hackers target very specific individuals rather than the general public. During this particular campaign, the Russian hackers sent countless emails containing booby-trapped links to password-stealing phishing pages to those involved with the DNC. Any recipient who clicked on the bit.ly and tiny.cc URLs handed control of their PCs and the DNC network to the hackers, on a plate.
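A mail-filter check for the shortened links described above, as an added example that is not part of the original article: it parses a message, collects links from every text part, and lists those pointing at the two shorteners the article names. The sample message, its addresses and the link paths are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# The two shortener hosts named in the article; extend for your own mail flow.
SHORTENER_HOSTS = {"bit.ly", "tiny.cc"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample message (not taken from any real campaign).
SAMPLE = """\
From: "IT Support" <support@example.com>
To: staff@example.org
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at http://bit.ly/CONSTRUCTED-1 now.
Policy: https://intranet.example.org/policy

--b1
Content-Type: text/html; charset="utf-8"

<p>Reset it <a href="https://www.tiny.cc/CONSTRUCTED-2">here</a>.</p>
--b1--
"""

def extract_urls(msg):
    """Return every http(s) URL found in the text/plain and text/html parts."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        urls.extend(URL_RE.findall(payload.decode(charset, errors="replace")))
    return urls

def shortened_links(raw_email):
    """List links whose host is exactly a known shortener (not a lookalike)."""
    hits = []
    for url in extract_urls(message_from_string(raw_email)):
        host = (urlsplit(url).hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if host in SHORTENER_HOSTS and url not in hits:
            hits.append(url)
    return hits

if __name__ == "__main__":
    print(shortened_links(SAMPLE))
```

A message with any hits can be held for review or have its links expanded and checked before delivery; the exact-host comparison avoids flagging unrelated domains that merely contain a shortener's name.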
How to protect your website against a zero-day attack
Now that it's clear just how threatening a zero-day attack is and just how important it is to protect yourself against such evil acts, here are practical tips and advice that will help to fortify your business.
Create sustainable security protocols
For a network to be fully ready to act should a zero-day violation occur, all staff must be trained on the best practices for security. That said, you should develop and roll out a sequence of security measures and train your workforce (or yourself if you're a sole trader) about when and how to act in the event of a potential cyber emergency.
Update your browsers
Web browsers are one of the most common targets for hackers. If your browser isn't up to date, it might be vulnerable to malware that didn't exist when you first updated said browser. Despite the fact that today's browsers — including Firefox, Chrome and Opera — often update automatically, you should still check periodically to make sure that every computer in your network is equipped with the most recent version of each browser.
Get security software
Without robust security software, you run the risk of zero-day attack violations of the first degree. So, with that in mind, you must install the right security software on the computers in your network — this will fortify your website and most prized business assets tenfold.
Make website backups
One of the most essential elements of cyber security and zero-day attack protection is conducting regular website backups — thus ensuring that if you do fall victim to a hacker, your most important information, assets and files will exist in some form. Doing this regularly can be difficult to remember and time-consuming, so installing reliable website backup software is a must.
Take the right precautions
“People always make the best exploits. I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads.” ~ Elliot Alderson, “Mr. Robot”
Remember, zero-day attacks are very real. To protect yourself and your business from this level of cyber threat, you must take the right precautions — now. We hope this has served to help you in your quest to make your business cyber secure.