Threats posed by zero-day vulnerabilities were ranked by global IT decision makers as their top security concern, according to a recent survey by security firm PatchLink.
Fifty-three percent of respondents put zero-day vulnerabilities as the No. 1 security concern, followed by hackers, cited by 35 percent, and malware and spyware with 34 percent. PatchLink surveyed 250 customers worldwide, including CIOs, CSOs, IT directors and managers.
“The prospect of zero-day attacks is extremely troubling for organizations,” said Charles Kolodgy, research director for security products at IDC in Framingham, Mass. “Today’s financially motivated attackers are creating customized, sophisticated malware designed to exploit unpublished application vulnerabilities in specific applications before they can be fixed.”
Many IT departments are spread thin and lack the resources to proactively defend against zero-day threats, and attackers are using this to their advantage, said Kolodgy.
Brian Bourne, president of Toronto-based IT security consultancy CMS Consulting Inc., was surprised that zero-day vulnerabilities would concern many IT executives, as such exploits are typically used for targeted attacks.
Such concern may stem from a lack of complete understanding of how to protect against these threats, he noted. Bourne said that a defense-in-depth strategy is still “the right strategy” for protecting against zero-day exploits. He urged IT managers to subscribe to a vulnerability advisory list so that they can get all updates on the most recent zero-day discoveries.