Zero day exploits: What they are and how they work

Core Security's Bobby Kuzma provided this quick explainer on zero day exploits and why businesses should be concerned about them.

Consumers and organizations of all sizes will be impacted by cyberthreats. As digital transformation impacts every industry, every device we own becomes networked, and the scope of cyberthreats and threat actors can vary dramatically.

TechRepublic's Dan Patterson spoke with Core Security's Bobby Kuzma to explain what zero day exploits are and how they work.

A zero day is a bug that no one knows about until it's "used in the wild," Kuzma said. It's a hole in code and connected devices that allows exploitation, and it comes in different shapes and sizes that vary from device to device. The term comes from the lack of foreknowledge about what is going on, he said.

"It's like a new biological virus, or plague that we don't have a way of defending against," he said. The best way to fight against these bugs is through good practices.

These bugs are valuable because they take a lot of resources to discover. Because of that, you don't 'burn a zero day' just for fun, he said. Actors must have a very high-value purpose for deploying them.

"Every organization that uses hardware and software potentially has exploitable zero days in their environment—it's just a factor of using technology," he said. "You know that they're going to exist." When organizations assume zero days are going to be there, they can factor that risk into their security model.

By planning for the unexpected and focusing on security basics, companies will be more prepared for when someone drops a zero day on their network, he added.

About Leah Brown

Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.