Zero-days, or vulnerabilities that have been discovered and exploited but not yet repaired, usually aren’t all that common. That could soon change.
For most organizations the biggest threat comes not from zero-days, but from known vulnerabilities that for whatever reason aren’t patched quickly enough. (Usually that reason has to do with logistics, such as the need to test how updates can affect legacy apps and services.)
But according to Digital Defense Inc., a big change is on the horizon. Zero-days, which are found once a week on average, may become a daily occurrence by 2021.
The patching service also expects that more enterprise critical applications will have vulnerabilities in them and that open-source code could be a major problem given how many applications it’s currently being used by,
What to do
Companies would be wise to continue focusing primarily on patching known vulnerabilities. It’ll always be more likely that you’ll be hit by one of these attacks rather than an unknown exploit.
Other steps to consider:
- Avoid IOT devices … or at least select secure ones. Many of these devices aren’t built with security in mind and won’t be patched regularly in the event they’re breached.
- Use trusted vendors. Having your software up-to-date will require effort from vendors, too. Make sure you only go with those who buy into security and vulnerability management.
- Monitor for unusual activity. If you notice something wrong in your own systems you may be the next to discover a zero-day rather than being one of the myriad security pros reacting to it.