Organizations shouldn’t downplay the significance of zero-day threats, but they should put them in perspective by considering the known weaknesses within the organization. Basic errors lead to costly breaches. Configuration errors introduce holes that make it unnecessary for an attacker to use an expensive zero-day exploit to penetrate your system, according to Marc Maiffret, chief technology officer at BeyondTrust.
Often, firms have antivirus software that isn't updated regularly with the latest signatures, endpoint software that isn't patched, and flaws in browser components that make it easy for a hacker to get a foothold into the corporate network, say experts. By conducting a regular assessment, IT teams can find components in server-based systems that are relatively unused and can be turned off. They can identify and prioritize the real risks that need immediate attention, said Chris Eng, vice president of research at software security vendor Veracode.