Zero-day vulnerabilities

According to technology security specialist Symantec, a new zero-day vulnerability was discovered every week in 2015.

A zero-day vulnerability refers to a hole in new software or operating systems that is not known by the vendor at the time of release. As a result, hackers can freely attack this vulnerability until it’s fixed by the vendor and updated by the end user.

What else did the report uncover?

In its report, Symantec discovered the following:

• In 2015, 54 zero-day vulnerabilities were discovered in new software and operating systems.
• This represents a 125% increase in zero-day vulnerabilities from 2014 indicating that cyber security is becoming less effective, not more.
• Flash Player-related attacks accounted for 19% of zero-day vulnerabilities which gave hackers full remote access to your system.
• This coincides with web browsers Mozilla Firefox and Google Chrome phasing out support, which poses further risks to your system.
• Once a zero-day vulnerability was exposed there was, on average, a seven-day period between the vendor and end users becoming aware of the vulnerability, and the vendor building and distributing an effective patch.
• This effectively granted hackers seven days to exploit the vulnerability before (and assuming that) it was patched.

Your task

Download the Symantec A New Zero-Day Vulnerability Discovered Every Week in 2015 infographic and analyse the data.

How do you think issues like zero-day vulnerabilities should be managed in a business? Discuss your thoughts in the comments.