TACKLING THE ZERO-DAY EXPLOIT: WHY ORGANIZATIONS ARE MOVING TOWARDS PROACTIVE SECURITY SOLUTIONS
November 12, 2018
An unknown or zero-day exploit is, by its very nature, mysterious. However, thanks to new research, what is now crystal clear is exactly how big a risk these attacks pose to organizations and how badly traditional security measures are failing in the face of them.
The Ponemon Institute’s 2018 State of Endpoint Security Risk surveyed 660 IT professionals to uncover what types of attacks are wreaking havoc on organizations and what kind of havoc is being wreaked. A massive 64% of respondents indicated that the data assets or IT infrastructure of their organizations were compromised by an attack in 2018. This is a startling increase of ten percent over 2017, and unless organizations start proactively tackling the zero-day exploit problem, that number is going to keep rising.
Zero-day is every day
The answer to the question of what kind of attacks are doing damage to organizations is definitive: a full 76% of 2018’s compromising attacks were zero-day exploits. By contrast, just 19% of organizations were compromised by known or existing attacks. This means a zero-day exploit was four times as likely to compromise assets or infrastructure.
There was a time when zero-day exploits were perceived as something IT professionals were nearly powerless to deal with, a force majeure, so to speak, that made the resultant data theft, account hijacking or network compromise seem inevitable and unavoidable. While there may have been some truth to this perception long ago, the current reality is far from it.
Unknown attacks can be prevented, and they desperately need to be. Clearly, though, they are not being prevented, and the fault lies in the technology being used to defend organizations.
Traditional security for non-traditional attacks
The huge number of zero-day exploits compromising organizations is the most significant revelation in the entire State of Endpoint Security Risk report. A close second is the disclosure that IT professionals estimate their traditional antivirus solutions are capable of blocking just 43% of attacks. That leaves 57% of attacks capable of getting past the solutions meant to stop them.
Even so, 76% of organizations are still relying on traditional antivirus solutions for protection. With so many organizations relying on a signature-based solution to try and stop zero-day exploits that do not have a known signature, little mystery remains as to how unknown attacks have managed to be so successful.
After antivirus solutions, the next most common form of cybersecurity employed by organizations is patch management, with 57% of surveyed organizations relying on this method to protect against compromising attacks. While patch management is undoubtedly an important component of cybersecurity, it is not without its flaws. According to the report, it took an average of 102 days to deploy a patch: one hundred and two days during which a zero-day exploit can cause devastating damage in an organization relying on patch management for protection.
Combine that gap with the months and even years it can take an organization to discover a data breach, and it’s no wonder the State of Endpoint Security Risk report found the cost of a successful attack hit $7.1 million in 2018. This is up from an already-whopping $5 million per attack in 2017.
Looking beyond the bad news
Despite the stunning statistics and unwelcome reality check provided by the Ponemon Institute, it wasn't all doom and gloom in the endpoint security report. 70% of respondents indicated their organizations have either already replaced their traditional antivirus solutions or plan to within the next 12 months. Beyond the woefully inadequate protection against zero-day exploits, the IT professionals surveyed said one of the biggest challenges in dealing with antivirus solutions is the high number of false positives, up to 55% of all alerts.
Swapping traditional, signature-based antivirus solutions for a proactive security solution that protects endpoints by sanitizing all incoming files for a fully secure data flow will go a long way towards reducing the scarily huge number of zero-day exploits compromising organizations, as well as the millions of dollars being spent to clean up the mess. Advanced attacks need advanced solutions, not legacy solutions that have already been shown to come up short against unknown attacks.