CISA and NSA detail the prevalence of "Zero Day" vulnerabilities in annual report on cyber threats.
You have heard me say it many times before but I am not a fan of industry speak or acronyms for a lot of different reasons (some possibly relating to the USMC) <--- see what I did there 🙂
The simple problem I have with industry-specific terms is that they have a tendency to alienate our target audience. Security Awareness Training is paramount in the functional defense of our businesses, and I prefer a culture in which we endeavor consistently to tailor our messages to the end user (not our peers).
That being said, what is a "Zero Day" vulnerability?
You may have heard the term before or read it in a buzzworthy headline, but what does it mean?
Zero Day refers to a problem that you didn't know you had, or didn't know was even possible to have, prior to its exposure.
For instance, if you have ever driven a vehicle in extreme weather (very hot or very cold) then you may have experienced a "Zero Day" situation as a driver. I remember driving in extreme negative temperatures when the vehicle I was operating stopped shifting gears. I am not a person prone to panic, so I noticed the problem, manually adjusted the transmission to the last gear it had successfully utilized and then kept driving. I learned about an hour later, after speaking with a maintenance chief, that the temperature was so low that the transmission fluid was likely freezing or gelling in the cooling lines and causing the transmission to malfunction temporarily. I WAS NOT AWARE that could happen... Zero Day (for me).
In technology the same thing occurs. Someone designs a piece of software or a web page for public use, everything is going along fine and people love the product. One day the software is overloaded with traffic, and a flaw that no one realized could ever occur suddenly creates a problem. If that problem is recognized and exploited by an enterprising criminal, then you have a zero day (think extreme cold weather in my example).
Key Takeaway?
These vulnerabilities are inevitable. Ensure that your organization is protected by layers of security software and hardware in order to offset the risks posed by these threats.