Unlocked padlock on computer screen
Zero-day vulnerabilities are newly discovered security holes.

Zero-day vulnerabilities

According to technology security specialist Symantec, a new zero-day vulnerability was discovered every week in 2015.

A zero-day vulnerability refers to a hole in new software or operating systems that is not known by the vendor at the time of release. As a result, hackers can freely attack this vulnerability until it’s fixed by the vendor and updated by the end user.

What else did the report uncover?

In its report, Symantec discovered the following:

  • In 2015, 54 zero-day vulnerabilities were discovered in new software and operating systems.
  • This represents a 125% increase in zero-day vulnerabilities from 2014 indicating that cyber security is becoming less effective, not more.
  • Flash Player-related attacks accounted for 19% of zero-day vulnerabilities which gave hackers full remote access to your system.
  • This coincides with web browsers Mozilla Firefox and Google Chrome phasing out support, which poses further risks to your system.
  • Once a zero-day vulnerability was exposed there was, on average, a seven-day period between the vendor and end users becoming aware of the vulnerability, and the vendor building and distributing an effective patch.
  • This effectively granted hackers seven days to exploit the vulnerability before (and assuming that) it was patched.

Your task

Download the Symantec A New Zero-Day Vulnerability Discovered Every Week in 2015 infographic and analyse the data.

How do you think issues like zero-day vulnerabilities should be managed in a business? Discuss your thoughts in the comments.

Share this article:

This article is from the free online course:

Cyber Security for Small and Medium Enterprises: Identifying Threats and Preventing Attacks

Deakin University

Get a taste of this course

Find out what this course is like by previewing some of the course steps before you join: