Zero-Day Vulnerabilities: What They Are & How To Reduce Risk
The National Cyber Security Centre (NCSC) has issued a fresh warning about the risks of zero-day vulnerabilities for businesses. This has been prompted by the rise of cyberattacks in this category: in 2022, fewer than half of the 15 most commonly exploited vulnerabilities fell into this category, but now they make up the majority of the list.
Here’s a look at what they are and how you can safeguard your business against them. For more targeted advice, you may wish to consider our expert IT support services in Leeds.
What are zero-day vulnerabilities?
A zero-day vulnerability is a flaw in an IT system that has only recently been discovered and for which the vendor is either unaware of the flaw or has not yet had time to issue a fix or patch. Cybercriminals who discover these weaknesses exploit them to launch an attack before the developer has had a chance to respond, hence the term ‘zero-day vulnerabilities’: the vendor has had zero days to fix the flaw.
When an unpatched security flaw is discovered, cybercriminals may launch stealth attacks that can go unnoticed for long enough to allow them to access sensitive data or deploy malware that can be used to hold businesses to ransom, make unauthorised transactions, send phishing emails, or otherwise compromise operations.
The NCSC warning
The NCSC has urged all enterprises that operate networks to review their cybersecurity measures in the wake of an increase in attacks. The organisation has issued a list of the 15 most commonly exploited vulnerabilities, plus a further 32 that were routinely exploited in 2023, all of which currently have fixes or patches available.
They urge businesses to be vigilant about keeping their IT systems up to date, and call for developers and vendors to adhere to secure-by-design principles to mitigate the risk of exploitable weaknesses in their products.
Ollie Whitehouse, NCSC Chief Technology Officer, said: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organisations and vendors alike as malicious actors seek to infiltrate networks.”
“To reduce the risk of compromise, it is vital all organisations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace.”
“We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and life-cycle to help stamp out this insidious game of whack-a-mole at source”.
Further action to reduce the risk of zero-day vulnerabilities
Regularly update software
Businesses are strongly urged to put a system in place to ensure that all vendor updates are installed as soon as they are issued. The best way to achieve this is usually to enable automatic updates by default. They should also follow any further advice from the vendor if there has been a risk that the business has been compromised.
The IT operator should check that the updates come from a legitimate source, which will be the vendor’s own website or update channel in most circumstances. The update should then be tested on a live system to confirm that it works as intended. Wherever possible, automate the updating and testing process for maximum time efficiency.
If a known vulnerability is being actively exploited by attackers, the IT systems should be checked for any signs of compromise before the update is applied, because an attacker may already have gained access and patching alone will not remove them.
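The patching steps above boil down to a triage rule: compare what is installed against the vendor’s fixed version, patch anything behind, and treat anything that is behind and actively exploited as a “check for compromise first” case. The following Python script is an added example written for this article, not code from the NCSC or from the original page; every product name, version and advisory identifier in it is a constructed placeholder, not a real advisory.

```python
"""Triage an installed-software inventory against vendor advisories.

Added example, not from the NCSC or the original article. All product
names, version numbers and advisory ids below are constructed placeholders.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # placeholder id, not a real CVE or NCSC reference
    product: str
    fixed_version: str      # first version that contains the vendor fix
    actively_exploited: bool


# Actions in priority order: exploited-and-unpatched systems are handled first,
# and are inspected for signs of compromise before the patch is applied.
CHECK_THEN_PATCH = "check_for_compromise_then_patch"
PATCH = "patch"
UP_TO_DATE = "up_to_date"
PRIORITY = {CHECK_THEN_PATCH: 0, PATCH: 1, UP_TO_DATE: 2}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted version string such as '4.1.2' into a tuple of ints."""
    return tuple(int(part) for part in version.strip().split("."))


def version_lt(installed: str, fixed: str) -> bool:
    """True if `installed` is strictly older than `fixed`.

    Versions are padded to equal length so that '1.2' and '1.2.0' compare
    equal; a plain tuple comparison would wrongly treat '1.2' as older.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory: dict[str, str],
           advisories: list[Advisory]) -> dict[str, tuple[str, list[str]]]:
    """Map each product to (action, [advisory ids that drive that action])."""
    result: dict[str, tuple[str, list[str]]] = {}
    for product, installed in inventory.items():
        open_advisories = [
            adv for adv in advisories
            if adv.product == product and version_lt(installed, adv.fixed_version)
        ]
        ids = [adv.advisory_id for adv in open_advisories]
        if not open_advisories:
            result[product] = (UP_TO_DATE, ids)
        elif any(adv.actively_exploited for adv in open_advisories):
            result[product] = (CHECK_THEN_PATCH, ids)
        else:
            result[product] = (PATCH, ids)
    return result


def work_order(triaged: dict[str, tuple[str, list[str]]]) -> list[str]:
    """Products in the order an operator should handle them."""
    return sorted(triaged, key=lambda p: (PRIORITY[triaged[p][0]], p))


# Constructed sample data: an inventory of installed versions and a short
# advisory feed. None of these products or ids exist.
SAMPLE_INVENTORY = {
    "ExampleVPN": "4.1.2",
    "ExampleCMS": "3.1",
    "ExampleMail": "10.0",
    "ExampleDB": "2.5.1",
}
SAMPLE_ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-0001", "ExampleVPN", "4.1.3", actively_exploited=True),
    Advisory("ADV-PLACEHOLDER-0002", "ExampleCMS", "3.2", actively_exploited=False),
    Advisory("ADV-PLACEHOLDER-0003", "ExampleMail", "10.0.0", actively_exploited=False),
]


if __name__ == "__main__":
    triaged = triage(SAMPLE_INVENTORY, SAMPLE_ADVISORIES)
    for product in work_order(triaged):
        action, ids = triaged[product]
        print(f"{product:12} {action:32} {', '.join(ids) or '-'}")
```

In the sample run, ExampleVPN comes out first with the “check for compromise, then patch” action because its advisory is flagged as actively exploited, ExampleCMS is simply queued for patching, and the two products already at or above their fixed version are left alone. In practice the inventory would come from your asset management tooling and the advisory list from the vendor’s own feed, which is the legitimate source the text above refers to.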
Educate employees on cyber security
Train all staff on the correct procedures for creating passwords and using two-factor authentication. Human error often escalates or provides an entry point for hackers, so ensure that all staff are able to identify phishing emails and suspicious links, and establish a set procedure so that they can easily report any suspicions.
Train all staff to be aware of the most common vulnerabilities and be vigilant about changing passwords when staff leave the organisation or move to another department.
Consider managed IT security services
A managed IT cyber security service will provide a comprehensive security package, including proactive monitoring of your network to detect any issues in the earliest stages; the latest firewall technologies; and off-site storage for critical data backups to enable business continuity in the event of a cyberattack and to protect highly sensitive data.
The service can additionally include a system build review to determine if there are any vulnerabilities in your IT infrastructure, routine vulnerability scanning, and cyberattack simulation and penetration testing for an extra depth of cybersecurity investigation.