Skip to content
Close
LOGIN
CONTACT
PHONE: +44 (0)207 605 7890E-MAIL: hello@oryxalign.com
PHONE: +44 (0)207 605 7890E-MAIL: hello@oryxalign.com
Mega Menu Image 1

Networks

Future ready, intelligent networks for critical environments.

 

 

Mega Menu Image 3 More colour

Cloud

Empower your organisation and
accelerate innovation with agile and secure cloud technology.

Mega Menu Image 2 Blue

Cyber

Managed cybersecurity enabled by a global network of talent, threat intelligence and technology. 

Mega Menu Image 4

Managed IT

IT aligned to your people, not only your tech.

Mid-market - Navy Icon-3
Data Centres

Designing, securing and managing the critical infrastructure powering the leading data centres across the UK and Europe.
Construction - Navy Icon-3
Construction

Partnering with the UK’s leading construction contractors in delivering tech services to power future facilities.
Commercial Property - Navy Icon
Commercial Property

Partnering with landlords and agents to create engaging workplaces through innovative technology services.
Mid Market - Navy Icon
Mid-Market

Empowering mid-market success and streamlining operations with co-managed IT services.
SMB - Navy Icon
SMB

Leveraging our expertise to implement transformative technologies and services, we enable our SMB clients to focus on their growth.

Commerical Property - Navy Icon Copy
Meet the team

We are a happy, supportive community with a clear sense of purpose and a strong team ethic.
Partner Ecosystem - Navy Icon
Partner Ecosystem

Partnership is not a posture but a process – a continuous process that grows stronger each year as we devote ourselves to common goals.
ESG - Navy Icon
ESG

We will dedicate more of our time and our talent to do all we can to positively impact the environment, our workforce and our community.
Careers - Navy Icon
Careers

We are always looking for new talent. If you're looking to become a part of something great, let us know.
Oryx O Orange and Navy - Navy Icon
Our Company

We create true alignment between your ambitions and the technology you need to achieve them.

Blogs - Navy Icon
Blogs

Latest posts on the technology ecosystem covering cutting-edge industry trends, expert advice, valuable insights and thought leadership.
News - Navy Icon
News

From award wins to sustainability, team events and coverage in the media - stay up to date on everything OryxAlign with our latest news.
Video Content - Navy Icon
Videos, Infographics & Guides

Explore current and future trends across the technology landscape with our comprehensive selection of videos, infographics and guides.

OryxAlignApr 6, 20214 min read

Zero-Day attacks – how to protect your business

Zero-day attacks are becoming an increasingly popular method for attackers to cause disruption, and that’s why prevention is a must. We discuss zero-day attacks in depth and how to protect your business from this growing threat vector.

What are zero-day attacks?

When security vulnerabilities and flaws are found in software or operating systems, it becomes payday for cyber criminals. They exploit the fact that patches aren’t yet in place, but they have to work right away – hence the term ‘zero-day’.

 

How they work

Stage 1 – Vulnerability introduced
A developer has produced a software that unintentionally comprises vulnerabilities.

Stage 2 – Vulnerability discovered by attackers
Cyber criminals become aware of the vulnerability and begin working on ways to exploit it.

Stage 3 – Vulnerability discovered by vendor
At this point the vendor knows about the vulnerability but the patch is yet to be made available. After this the vendor or researchers will make this public knowledge.

Stage 4 – Antivirus signatures released
In the event of a zero-day malware, any anti-virus vendors can recognise its signature and protect against. However, there may be alternative ways of exploiting, leaving systems still exposed.

Stage 5 – Patch released and deployed
Depending on the severity of the vulnerability, the vendor will release a patch in due course. Although available, it can take a long period of time to deploy it. Factors such as not having the right resources in place to help with this, can affect the time it takes to fix the flaw.

 

High-profile zero-day attack examples

Sony
Sony Pictures were a target of a devastating zero-day attack back in 2014. Clear details of the vulnerability exploited are still unknown, but the attack crashed their network. The hackers also released the following sensitive information:
• Personal information about Sony employees
• Internal correspondence
• Information on executive salaries
• Unreleased Sony films

RSA
Back in 2011, RSA revealed that their security was hacked due to an (then unknown) unpatched vulnerability in Adobe Flash Players. The hackers gained access to the RSA network by sending employees emails with Excel attachments which activated a Flash file exploiting the zero-day flash vulnerability. The attack resulted in the cyber criminals extracting information about RSA’s SecurID, a two-factor authentication used to secure banking transactions and network access.

 

How to prevent zero-day attacks

Vulnerability scanning

To mitigate any security risks, your business can carry out regular and consistent vulnerability testing to detect any weaknesses in your systems. However, when vulnerabilities are found, you should work on patching immediately to prevent an exploit. By doing so, you’ll be one step ahead of the game by eradicating any opportunities that hackers may use to launch zero-day attacks.

Patch management

Although patch management can’t technically prevent zero-day attacks, it can dramatically reduce the exposure of your systems. And keeping up with regular patching means that it does make attacking more challenging for cyber criminals to succeed. They may require additional vulnerabilities for the intended target to successfully carry out a successful attack.

Software updates

By regularly performing software updates, you’ll have the latest features and be up to date with any critical patches that can fix any security holes. Avoiding software updates will leave your systems vulnerable and more prone to any infections that could be fixed with new updates.

 

What technologies can my business implement for further protection?

Although there are approaches your business can use for prevention against zero-day attacks, there are further measures that all businesses should take to prepare and reduce threats affecting your business.

Web Application Firewall

One of the most effective ways to prevent zero-day attacks is by using a robust web application firewall. This ensures that all incoming traffic to web applications is tracked, and any malicious traffic that can target vulnerabilities are filtered out.

Advanced Malware Prevention

Malware still continues to bypass existing and traditional defences and they’re constantly evolving in sophistication. Consider investing in an advanced malware prevention solution that targets zero-day attacks, advanced persistent threats, and advanced malware using multi-later threat prevention.

Endpoint Detection and Response

Basic security like anti-virus just doesn’t cut it anymore. With attackers getting more clever and finding new ways to target businesses, it’s imperative for all businesses to keep up and implement additional measures to combat attacks. Some attackers may install malicious bots and trojans, so you should look to invest in an effective Endpoint Detection and Response ( EDR ) solution which will work to prevent, detect and respond to unknown and advanced threats in real time.

Zero-day attacks are on the rise, so prevention is something all businesses need to be looking into. Looking to find out more information? Get in touch with our cyber security experts today.

OryxAlign

RELATED ARTICLES