This post was first made on 22 April 2022
I regularly write about the issues around the zero-day vulnerability and our Social Engineering and Email Cyber Security Training course aims to equip individuals and organisations to meet the challenge that the zero-day poses. Google’s Project Zero has reported on it’s research into zero-day threats in 2021. The team detected and reported on 58 zero-day threats that they found in the wild, in 2021 – this is the highest number since Project Zero started in 2014.
Project Zero: The More You Know, The More You Know You Don’t Know (googleprojectzero.blogspot.com)
It doesn’t sound a lot, however for each one of these threats you had no technical defences until all the various software vendors you depend on caught up, discovered the vulnerability, created the solution, tested the solution, issued the patch and then you and everyone in your team had downloaded and installed the patch.
During that you and your organisation’s cybersecurity were dependent on your team being able to recognise behaviour “out of the ordinary” and then being able to react correctly. That’s where training and threat awareness comes in.
Update 25 April 2022
2021 was a record year for exploited zero-day security bugs • The Register
US DOJ probes Google’s $5.4b Mandiant acquisition • The Register
Clive Catton MSc (Cyber Security) – by-line and other articles
