Cybersecurity Module 1 PDF
Summary
This document provides an introduction to cybersecurity concepts, including types of cyber security, such as network, application, and data security. It explores disaster recovery planning and cybersecurity goals, along with key principles like confidentiality, integrity, and availability. The document also discusses cyberspace and its associated technologies, TCP/IP, and web technologies.
Module 1 CYBERSECURITY

Cybersecurity is the practice of protecting internet-connected systems, such as computers, servers, mobile devices, electronic systems, networks, and data, from malicious attacks. The word can be split into two parts, cyber and security: cyber refers to the technology (systems, networks, programs, and data), and security to the protection of those assets against unauthorized access, damage, and disruption.

Types of Cyber Security

Network Security: implementing hardware and software controls to secure a computer network against unauthorized access, intruders, attacks, disruption, and misuse. It protects an organization's assets against both external and internal threats.

Application Security: protecting software and devices from threats. This starts with designing and testing the application for security and continues with keeping it updated so that known vulnerabilities are patched.

Information or Data Security: implementing strong storage and handling mechanisms that maintain the integrity and privacy of data, both at rest and in transit.

Identity Management: the procedures for determining and enforcing the level of access each individual has within an organization.

Operational Security: the processes and decisions for handling and securing data assets, including who may access what and under which conditions.

Mobile Security: securing organizational and personal data stored on mobile devices such as phones, portable computers, tablets and similar devices against threats including unauthorized access, device loss or theft, and malware.

Cloud Security: protecting the information and workloads an organization keeps in cloud architectures.

Disaster Recovery and Business Continuity Planning: the processes, monitoring, alerts, and plans that define how an organization responds when malicious activity causes a loss of operations or data.
Its policies dictate how lost operations are resumed after a disaster, at the same operating capacity as before the event.

Cyber Security Goals

Cyber security's main objective is to ensure data protection. The security community uses a triangle of three related principles, called the CIA triad, to reason about protecting data from cyber-attacks. The CIA model guides the policies of an organization's information security infrastructure; when a security breach occurs, one or more of these principles has been violated.

Confidentiality
Confidentiality is closely related to privacy: it prevents unauthorized access to information. It means ensuring that data is accessible to those who are allowed to use it and blocking access for everyone else, so that sensitive information does not reach the wrong people. Data encryption is a standard way of ensuring confidentiality. User IDs and passwords are the usual baseline, two-factor authentication (2FA) is becoming the norm, and other options include biometric verification and hardware security tokens.

Integrity
This principle ensures that data is authentic, accurate, and safeguarded against unauthorized modification by threat actors and against accidental modification by users. If a modification does occur, measures must exist to detect it, protect the sensitive data from corruption or loss, and recover quickly. Integrity also covers authenticity, that is, being able to confirm that information really comes from the claimed source. Data may carry checksums, or better cryptographic checksums (hashes and message authentication codes), so that the receiver can verify it has not been altered. Backups or redundancy must be available to restore affected data to its correct state. Digital signatures go one step further and provide non-repudiation: the signer cannot later deny having produced the data.

Availability
This principle ensures that information is available and usable by its authorized users whenever they need it, and that access is not hindered by system malfunction or cyber-attacks.
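Returning to the integrity principle: the difference between a plain checksum and a cryptographic check with a secret is easy to see in code. The following is an added example, not part of the original module, using only Python's standard library; the record, the key and the attacker's edit are constructed for the demonstration.

```python
"""Integrity checks: an unkeyed hash catches accidental corruption, but an
attacker who can rewrite the data can rewrite the stored hash as well. A keyed
HMAC (or a digital signature) also catches deliberate tampering, because the
attacker cannot recompute it without the key. Sample data is constructed."""
import hashlib
import hmac

RECORD = b"patient_id=1042;dosage_mg=50;"       # constructed sample record
SECRET_KEY = b"demo-only-key-do-not-reuse"      # assumption: shared secret held by both sides


def sha256_hex(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone, including an attacker, can compute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_hex(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: computing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, stored_hash: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), stored_hash)


def verify_hmac(data: bytes, key: bytes, stored_tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading characters of the tag were right.
    return hmac.compare_digest(hmac_hex(data, key), stored_tag)


def bit_rot(data: bytes) -> bytes:
    """Accidental corruption: flip one bit somewhere in the record."""
    damaged = bytearray(data)
    damaged[7] ^= 0x01
    return bytes(damaged)


def attacker_edit(data: bytes) -> bytes:
    """Deliberate tampering: change the dosage field."""
    return data.replace(b"dosage_mg=50;", b"dosage_mg=500;")


def corruption_detected() -> tuple[bool, bool]:
    """(hash detects, hmac detects) for accidental corruption: both True."""
    stored_hash, stored_tag = sha256_hex(RECORD), hmac_hex(RECORD, SECRET_KEY)
    damaged = bit_rot(RECORD)
    return (not verify_hash(damaged, stored_hash),
            not verify_hmac(damaged, SECRET_KEY, stored_tag))


def tampering_detected() -> tuple[bool, bool]:
    """(hash detects, hmac detects) when the attacker controls the data and
    the stored hash but not the key: only the HMAC check still catches it."""
    stored_tag = hmac_hex(RECORD, SECRET_KEY)
    evil = attacker_edit(RECORD)
    stored_hash = sha256_hex(evil)          # attacker overwrote the hash too
    return (not verify_hash(evil, stored_hash),
            not verify_hmac(evil, SECRET_KEY, stored_tag))


if __name__ == "__main__":
    print("accidental corruption detected (hash, hmac):", corruption_detected())
    print("tampering detected           (hash, hmac):", tampering_detected())
```

Note the limit of the HMAC: because sender and verifier share the same key, either of them could have produced the tag, so it gives integrity and authenticity but not non-repudiation. For that, the digital signatures mentioned above are needed, where only the signer holds the private key.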
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, and maintaining a properly functioning operating system (OS) environment that is free of software conflicts. It is also important to keep current with all necessary system upgrades, and to plan for redundancy and denial-of-service mitigation so that a single failure or attack does not take the service down.

Cyberspace
Cyberspace refers to the virtual computer world, more specifically the electronic medium used to facilitate online communication. It typically consists of a large computer network made up of many worldwide subnetworks that use the TCP/IP protocol suite for communication and data exchange. TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices on the internet. TCP/IP is also used as the communication protocol in private computer networks (an intranet or extranet).

Web Technology
Web technology refers to the tools and techniques used for communication between different kinds of devices over the Internet. A web browser is used to access web pages; browsers are programs that display text, data, pictures, animation, and video retrieved from the Internet. Web technology can be classified into the following sections:

World Wide Web (WWW): the World Wide Web is built on several technologies: web browsers, the Hypertext Markup Language (HTML), and the Hypertext Transfer Protocol (HTTP).

Web Browser: the browser is application software for exploring the WWW. It provides the interface between the user (the client) and the server, and requests web documents and services from the server.

Web Server: a web server is a program that processes network requests from users and serves them the files that make up web pages. This exchange takes place over HTTP (or, when encrypted with TLS, HTTPS).
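The browser and the web server just described talk over a TCP connection: the server performs a passive open (bind, listen, accept) and the client an active open (connect), and one HTTP request and response then travel over it. The following added example, which is not code from the module, plays both roles on 127.0.0.1 with Python's standard library so that it runs offline; the request path and the reply format are constructed for the demo. It also walks through the numbered socket steps (listen, connect, accept, exchange data, keep listening) given later in the module.

```python
"""Passive open (server: bind/listen/accept) and active open (client: connect),
followed by one HTTP request/response per connection. Added example; the
server talks to itself on 127.0.0.1 so it runs without network access."""
import socket
import threading


def serve_one_request(listener: socket.socket) -> None:
    """Accept a single client, read its HTTP request, answer, then close."""
    conn, _addr = listener.accept()          # returns once the 3-way handshake is done
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:    # read until the end of the headers
            chunk = conn.recv(1024)
            if not chunk:
                return                       # client went away early
            request += chunk
        request_line = request.split(b"\r\n", 1)[0].decode("ascii", "replace")
        method, path, _version = request_line.split(" ", 2)
        if method == "GET":
            status, body = "200 OK", f"method={method} path={path}\n".encode()
        else:
            status, body = "405 Method Not Allowed", b"only GET is served\n"
        response = (
            f"HTTP/1.1 {status}\r\n"
            f"Content-Type: text/plain\r\n"
            f"Content-Length: {len(body)}\r\n"
            f"Connection: close\r\n\r\n"
        ).encode() + body
        conn.sendall(response)


def start_server(handlers: int) -> tuple[threading.Thread, int]:
    """Passive open on an ephemeral port; keep listening for `handlers` clients."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS choose a free port
    listener.listen(5)                       # backlog for handshakes not yet accepted
    port = listener.getsockname()[1]

    def run() -> None:
        with listener:                       # the listening socket stays open between clients
            for _ in range(handlers):
                serve_one_request(listener)

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return thread, port


def http_get(port: int, method: str = "GET", path: str = "/index.htm") -> tuple[str, str]:
    """Active open: connect, send a request, return (status line, body)."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(f"{method} {path} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n".encode())
        raw = b""
        while chunk := sock.recv(4096):      # server closes -> recv returns b""
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n", 1)[0].decode(), body.decode()


def demo() -> list[tuple[str, str]]:
    """Two clients in a row show that the listener remains open after the first."""
    thread, port = start_server(handlers=2)
    results = [http_get(port), http_get(port, method="POST", path="/x")]
    thread.join(timeout=5)
    return results


if __name__ == "__main__":
    for status, body in demo():
        print(status, "->", body.strip())
```

Everything here travels in clear text: anyone on the path can read or alter both the request and the response. That is the gap HTTPS closes by wrapping the same exchange in TLS.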
How TCP works

The server is in a "passive open" state: passive open is the state of a server process that is waiting for a client to connect. It is "listening" on a port without initiating any connection itself.

The client must initiate an "active open": with the server listening, the client establishes a connection by sending a TCP synchronization (SYN) segment. The server then commits resources (a half-open connection entry in its backlog) to accept the connection.

A reliable connection is established through a three-way handshake: the three-way handshake is one of the central features of TCP. It agrees on initial sequence numbers in both directions so that the connection is set up reliably. Note that it provides reliability, not security; TCP on its own offers no confidentiality or authentication, which is why HTTPS layers TLS on top of it. The three steps are:

SYN: the client sends a SYN segment carrying its own randomly chosen initial sequence number (ISN), call it x.
SYN-ACK: the server replies with a segment that has both the SYN and ACK flags set. It carries the server's own initial sequence number y and an acknowledgment number of x + 1, confirming receipt of the client's SYN.
ACK: the client responds with an acknowledgment whose acknowledgment number is y + 1. The connection is now established in both directions, and applications on the client can exchange data with applications on the server over it.

It uses retransmission to drive reliability: retransmission, or automatic repeat request (ARQ), is an error-control method that resends segments that are lost in transit. After sending a segment, the source starts a timer; if the destination does not acknowledge the segment before this timeout expires, the source sends the segment again.

It has three tools to detect and recover from errors in data transmission: TCP ensures that data is delivered correctly and without corruption.
It uses three measures to achieve this:

Checksum: TCP splits the byte stream into segments, and each segment header carries a mandatory 16-bit checksum computed over the segment and an IP pseudo-header. The destination recomputes the checksum; if it does not match, the segment is discarded and therefore never acknowledged, which eventually triggers retransmission.

Timeout: the retransmission timeout is the maximum interval allowed between sending a segment and receiving its acknowledgment. It exists for reliability, not security: it triggers retransmission of unacknowledged data, and it is derived from the measured round-trip time.

Acknowledgment: the sender and receiver exchange acknowledgment numbers to confirm which bytes have arrived. If a segment is not acknowledged before the timeout, the protocol retransmits it. Also, if the sender sees three duplicate acknowledgments for the same byte position, TCP concludes that a segment was lost and retransmits immediately (fast retransmit) without waiting for the timeout.

Sophisticated online threats may take advantage of the TCP model to attack availability. When the server is in the passive open state, a bad actor can send a stream of SYN segments, usually with spoofed source addresses, and never complete the handshake. Each one forces the server to allocate a half-open connection entry and reply with a SYN-ACK. Once the backlog is full, legitimate SYNs are dropped and the service becomes unavailable to its intended clients. This is a SYN flood, a classic denial-of-service attack; defenses include SYN cookies, which let the server avoid storing state until the handshake completes, and rate limiting at the perimeter.

IP addresses

An Internet Protocol (IP) address is the unique identifying number assigned to each device connected to the internet. It is a numeric label assigned to devices that communicate using IP, and computers that talk over the internet or a local network send information to a specific destination by addressing it with an IP address.

How does an IP address work? An IP address lets a device, whatever it is using to access the internet, locate the host that holds the data or content it wants so that it can be retrieved. The two common roles of an IP address are identifying a host or network interface and locating it within the network so that traffic can be routed to it. IP addresses are not random: they are allocated in a structured, hierarchical way so that routers can forward packets toward the right network.
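The handshake arithmetic and the SYN flood described above, modelled in Python as an added example that is not code from the module: no packets are sent, the sequence numbers and backlog size are constructed, and the Listener class is a simplification of the kernel's half-open connection queue (entry timeouts are not modelled).

```python
"""Model of TCP connection setup: sequence-number arithmetic of the three-way
handshake, and a listener whose bounded backlog of half-open connections is
exhausted by a SYN flood. Added example; all numbers are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

MAX_SEQ = 2 ** 32          # TCP sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    src: str
    flags: str             # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: Optional[int] = None


def handshake(client_isn: int, server_isn: int) -> list[Segment]:
    """SYN carries the client's initial sequence number x; SYN-ACK carries the
    server's own ISN y and acknowledges x+1; the final ACK acknowledges y+1."""
    syn = Segment("client", "SYN", seq=client_isn)
    syn_ack = Segment("server", "SYN-ACK", seq=server_isn, ack=(client_isn + 1) % MAX_SEQ)
    ack = Segment("client", "ACK", seq=(client_isn + 1) % MAX_SEQ, ack=(server_isn + 1) % MAX_SEQ)
    return [syn, syn_ack, ack]


@dataclass
class Listener:
    """A passive-open socket with a bounded queue of half-open connections."""
    backlog: int
    half_open: dict[tuple[str, int], int] = field(default_factory=dict)
    established: int = 0
    dropped: int = 0

    def on_syn(self, src: str, client_isn: int, server_isn: int) -> Optional[Segment]:
        """Allocate a half-open entry and answer SYN-ACK, or drop if the queue is full."""
        if len(self.half_open) >= self.backlog:
            self.dropped += 1
            return None
        self.half_open[(src, client_isn)] = server_isn
        return Segment("server", "SYN-ACK", seq=server_isn, ack=(client_isn + 1) % MAX_SEQ)

    def on_ack(self, src: str, client_isn: int, ack: int) -> bool:
        """Third step: only an ACK of server_isn+1 for a known half-open entry completes it."""
        server_isn = self.half_open.get((src, client_isn))
        if server_isn is None or ack != (server_isn + 1) % MAX_SEQ:
            return False
        del self.half_open[(src, client_isn)]     # queue slot released
        self.established += 1
        return True


def syn_flood(backlog: int, attacker_syns: int) -> dict[str, int]:
    """Spoofed SYNs are never followed by an ACK, so each one holds a backlog slot
    (until it would time out); once the queue is full, a legitimate client is refused."""
    listener = Listener(backlog=backlog)
    for i in range(attacker_syns):
        listener.on_syn(f"spoofed-{i}", client_isn=1000 + i, server_isn=5000 + i)
    reply = listener.on_syn("victim-client", client_isn=42, server_isn=7777)
    connected = reply is not None and listener.on_ack("victim-client", 42, (reply.seq + 1) % MAX_SEQ)
    return {"half_open": len(listener.half_open), "dropped": listener.dropped,
            "established": listener.established, "victim_connected": int(connected)}


if __name__ == "__main__":
    for seg in handshake(client_isn=1000, server_isn=5000):
        print(f"{seg.src:>6} {seg.flags:<7} seq={seg.seq} ack={seg.ack}")
    print("quiet network:", syn_flood(backlog=128, attacker_syns=10))
    print("under flood:  ", syn_flood(backlog=128, attacker_syns=200))
```

The model makes the defense obvious: the attacker only wins because the server stores state before the third step. SYN cookies encode that state in the SYN-ACK sequence number instead, so no queue slot is held until a valid ACK arrives.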
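The checksum in the first of those three measures is the Internet checksum of RFC 1071, computed over an IP pseudo-header plus the TCP segment. The following added example, not the module's own code, builds a SYN segment, verifies it the way a receiver does, and shows the checksum's limit as a security control; the addresses, ports and sequence number are constructed.

```python
"""TCP checksum (RFC 1071 Internet checksum) over IPv4 pseudo-header + segment.
Added example with constructed addresses and ports. The receiver's test is that
the ones'-complement sum of everything, checksum field included, equals 0xFFFF."""
import ipaddress
import struct


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words, folding carries back into the low 16 bits."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: src, dst, zero byte, protocol 6 (TCP), TCP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 6, tcp_len))


def with_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Zero the checksum field (bytes 16-17), compute it, and write it back."""
    body = segment[:16] + b"\x00\x00" + segment[18:]
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(body)) + body)
    return body[:16] + struct.pack("!H", csum) + body[18:]


def build_syn(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int) -> bytes:
    """20-byte TCP header: data offset 5 words, SYN flag only, window 65535."""
    offset_flags = (5 << 12) | 0x02
    header = struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, 65535, 0, 0)
    return with_checksum(src_ip, dst_ip, header)


def verify(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """What the receiver does: a corrupted segment fails and is never ACKed."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def flip_bit(segment: bytes, offset: int, mask: int = 0x01) -> bytes:
    damaged = bytearray(segment)
    damaged[offset] ^= mask
    return bytes(damaged)


def demo() -> dict[str, bool]:
    src, dst = "192.0.2.10", "198.51.100.5"       # RFC 5737 documentation addresses
    syn = build_syn(src, dst, sport=40000, dport=443, seq=123456789)
    damaged = flip_bit(syn, 3)                    # a transmission error in the dport field
    # An on-path attacker rewrites the destination port *and* recomputes the checksum:
    tampered = with_checksum(src, dst, flip_bit(syn, 3, 0x04))
    return {
        "valid_passes": verify(src, dst, syn),
        "bit_error_caught": not verify(src, dst, damaged),
        "tampering_caught": not verify(src, dst, tampered),   # False: a checksum is not a MAC
    }
```

The last entry is the point for security work: the checksum has no secret, so anyone who can alter a segment can make it verify again. Integrity against an adversary comes from TLS (or IPsec) above or below TCP, not from the TCP checksum.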
The Internet Assigned Numbers Authority (IANA) allocates large blocks of IP address space to the regional Internet registries, which in turn assign ranges to ISPs and organizations. An IPv4 address is a 32-bit number written as four decimal octets, so the full range runs from 0.0.0.0 to 255.255.255.255 (IPv6 addresses are 128 bits long and written in hexadecimal). Because assignment is hierarchical, the address both uniquely identifies a destination and tells the network where to route packets for it.

Public IP address
A public IP address, or external-facing IP address, is the address the ISP assigns to the device that connects a home or business network to the internet; in most cases this is the router. All devices behind the router share this public address when they communicate with the rest of the internet, because the router translates their private addresses (network address translation, NAT). Knowing the external-facing IP address matters when opening ports for online gaming, email and web servers, media streaming, or remote connections.

Private IP address
A private IP address, or internal-facing IP address, is assigned to a device by the home or office intranet (local area network), usually by the router's DHCP server. Private addresses come from ranges reserved for local use (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 in IPv4) and are not routed on the public internet; the router manages them for the devices that connect to it.

Web technologies at a glance:
HTML: the language that structures and displays content on web pages.
CSS: the style sheet language that controls how pages look (colours, fonts, layout).
JavaScript: the language that makes web pages interactive, from animations to full applications.
Backend technologies: the tools used to build the server-side parts of web applications.
Database systems: store and retrieve the data used by web applications.

One way to talk about cyberspace is in terms of the use of the global Internet for diverse purposes, from commerce to entertainment. Wherever stakeholders set up virtual meeting spaces, a cyberspace exists; wherever the Internet is used, you could say, a cyberspace is created. Another prime example of cyberspace is the online gaming platforms advertised as massive online player ecosystems.
These large communities, playing together, create their own cyberspace worlds that exist only in the digital realm and not in the physical world.

ARCHITECTURE

Cybersecurity should not be a single piece of technology that improves security. Rather, it should be a layered approach with multiple facets that together provide comprehensive protection (defence in depth). It is important to understand what such a layered approach consists of. Generally, seven layers of cybersecurity are considered. Below we explore what they are and why they matter.

The Seven Layers of Cybersecurity

1. Mission-Critical Assets
This is the data that is absolutely critical to protect. Whether businesses like to admit it or not, they face malicious forces daily. The questions are how leaders are dealing with this type of protection and what measures they have put in place to guard against breaches. An example of a mission-critical asset in the healthcare industry is Electronic Medical Record (EMR) software; in the financial sector, it is customers' financial records.

2. Data Security
Data security means putting security controls in place to protect both the transfer and the storage of data. Backup measures have to be in place to prevent the loss of data, and this also requires encryption and archiving.
Security Strategy: at this level, keeping things secure entails file and disk encryption, frequent backups of all crucial data and procedures, two-factor authentication, enterprise rights management, and rules that make sure data is erased from devices that are no longer in use or that are being handed to another employee.

3. Endpoint Security
This layer makes sure that user devices, the endpoints, are not exploited by breaches. It includes the protection of mobile devices, desktops, and laptops.
Security Strategy: endpoint encryption is required to make sure that the devices operate in secure environments.
Endpoint security systems provide protection either on the network or in the cloud, depending on the needs of the business. The main goal of any endpoint security solution is to protect the data and workflows associated with every device that connects to the corporate network. It does this by examining files as they enter the network and comparing them against an ever-growing database of threat information, which is typically stored in the cloud. The endpoint security solution gives system administrators a centralized management console, installed on a network or server, from which they control the security of all devices connecting to it. Client software is then deployed to each endpoint, either remotely or directly. With the endpoint set up, the software pushes updates to it whenever necessary, authenticates login attempts made from it, and enforces corporate policies.

In addition, the endpoint security solution secures endpoints through application control, which blocks the user from downloading or running applications that are unsafe or not authorized by the organization. It also uses encryption to prevent data loss. The endpoint security solution enables businesses to detect malware and other common security threats quickly. It can also provide endpoint detection and response (EDR), which lets the business detect more advanced threats such as fileless malware, polymorphic attacks, and zero-day exploits. This more advanced approach provides better visibility and a wider range of response options when a threat is found.

4. Application Security
This covers the security features that control access to an application and that application's access to your assets, as well as the internal security of the application itself. Ideally, applications are designed with security measures that keep protecting them while in use.
Security Strategy: the most basic thing you can do here is to keep your programs up to date.
This ensures that any known security vulnerabilities are addressed, although it does not protect against flaws that have not yet been found or patched, so secure design, testing and input validation are needed as well.

5. Network Security
This is where security controls are put in place to protect the business's network. The goal is to prevent unauthorized access to the network. It is crucial to regularly update all systems on the network with the necessary security patches and to encrypt traffic between them. It is always best to disable unused interfaces and services to reduce the attack surface.
Security Strategy: if no one person has access to everything, then any successful cyber attack only results in a small portion of the network being breached. The best practice at this layer is to give employees and devices access only to the parts of the network that are strictly necessary for their jobs (least privilege), and to segment the network accordingly.

6. Perimeter Security
This layer ensures that both physical and digital security methods protect the business as a whole. It includes things like firewalls that protect the business network against external forces.
Security Strategy: this includes firewalls, data encryption, antivirus software, device management (which is crucial if your company has a bring-your-own-device policy), and setting up a secure demilitarized zone (DMZ) for externally reachable services.

7. The Human Layer
Despite being known as the weakest link in the security chain, the human layer is a necessary layer. It incorporates management controls and, for example, phishing simulations. Humans are the weakest link in any cyber security strategy; human error is commonly cited as a factor in the large majority of data breaches (figures around 90% are often quoted).
Security Strategy: education and training, including instructions on how to recognize and deal with phishing attacks, strong password strategies, system hardening, and cyber security awareness, are the best ways to keep the human layer secure. Access controls are also a smart way to protect the human layer, since they reduce the amount of harm that a successful attack on one person can cause.
Communication Technologies - Web Services

WWW is the acronym for World Wide Web. The WWW is an information space of interlinked documents and other media that can be accessed via the Internet. It was invented by the British scientist Tim Berners-Lee in 1989, and he developed the first web browser in 1990 to facilitate the exchange of information through interlinked hypertexts. Text that contains links to other pieces of text is called hypertext. Web resources are identified by a unique name called a URL to avoid confusion. The World Wide Web has revolutionized the way we create, store and exchange information. Its success can be attributed to these factors:
User friendly
Use of multimedia
Interlinking of pages through hypertext
Interactive

HTML
HTML stands for Hypertext Markup Language. A language designed so that parts of a text can be marked up to specify their structure, layout and style in the context of the whole page is called a markup language; its primary function is defining, processing and presenting text. HTML is the standard language for creating web pages and web applications and loading them in web browsers.

Domain Names
A domain name is a unique name given to a server to identify it on the World Wide Web. Take the request https://www.amazon.com/videotutorials/index.htm: amazon.com is the domain name. A domain name has multiple parts, called labels, separated by dots. The right-most label, .com, is the top level domain (TLD); other examples of TLDs include .net, .org, .co and .au. amazon is the second level domain. (Some countries use a two-label suffix such as .co.uk, in which case the registrable domain is the label to the left of that suffix.)

URL
URL stands for Uniform Resource Locator. A URL gives the location of a web resource on a computer network and the mechanism for retrieving it. Let us continue with a similar example: https://www.tutorialspoint.com/videotutorials/index.htm. This complete string is a URL.
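Splitting such a URL programmatically, as an added example that is not part of the module: Python's standard urllib.parse does the work, and the check at the end shows why security code must compare the parsed host name rather than the raw string. The allow-list, the stand-in suffix list and the second and third URLs are constructed for the demo.

```python
"""Split a URL into scheme, host, domain labels, path and resource, with two
traps a security check must handle: userinfo before '@' (a phishing trick) and
multi-label public suffixes such as co.uk. Added example, standard library only."""
import posixpath
from urllib.parse import urlsplit

PAGE_URL = "https://www.tutorialspoint.com/videotutorials/index.htm"

# Assumption: a tiny stand-in for the Public Suffix List; real code loads the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def split_url(url: str) -> dict:
    parts = urlsplit(url)
    host = parts.hostname or ""                 # lower-cased, without userinfo or port
    labels = host.split(".")
    last_two = ".".join(labels[-2:])
    suffix = last_two if last_two in MULTI_LABEL_SUFFIXES else labels[-1]
    registrable = ".".join(labels[-(suffix.count(".") + 2):])   # one label left of the suffix
    path = parts.path or "/"
    return {
        "scheme": parts.scheme,
        "userinfo": parts.username,             # anything here is a red flag
        "host": host,
        "port": parts.port or DEFAULT_PORTS.get(parts.scheme),
        "tld": suffix,
        "domain": registrable,
        "folder": posixpath.dirname(path),
        "resource": posixpath.basename(path),
        "query": parts.query,
    }


def is_allowed(url: str, allowed_domains: set[str]) -> bool:
    """Allow-list check on the parsed host, so 'good.example@evil.example' is refused."""
    info = split_url(url)
    if info["scheme"] not in DEFAULT_PORTS or info["userinfo"] is not None:
        return False
    return info["domain"] in allowed_domains


if __name__ == "__main__":
    for url in (PAGE_URL,
                "https://www.tutorialspoint.com@evil.example/videotutorials/index.htm",
                "http://shop.example.co.uk:8080/catalog/list.html?page=2"):
        print(split_url(url), is_allowed(url, {"tutorialspoint.com"}))
```

A naive check such as `"tutorialspoint.com" in url` accepts the second URL, whose real host is evil.example; the allow-list above rejects it because the trusted name sits in the userinfo part, which a browser would never use to pick the server.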
Its parts are:
index.htm is the resource (a web page in this case) that needs to be retrieved
www.tutorialspoint.com is the host name of the server on which the page is located
videotutorials is the folder on the server where the resource is located
/videotutorials/index.htm is the complete path of the resource on that server
https is the protocol (scheme) to be used to retrieve the resource
The URL is displayed in the address bar of the web browser.

Websites
A website is a set of web pages under a single domain name. A web page is a text document located on a server and connected to the World Wide Web through hypertext links. Example: http://web.simmons.edu/~grabiner/comm244/weektwo/links.html

Web Browsers
A web browser is application software for accessing, retrieving, presenting and traversing any resource identified by a URL on the World Wide Web. Popular web browsers include Chrome, Internet Explorer (now replaced by Microsoft Edge), Firefox, Apple Safari and Opera.

Web Servers
A web server is any software application, computer or networked device that serves files to users on request. These requests are sent by client devices as HTTP or HTTPS requests.

Web Hosting
Web hosting is an Internet service that enables individuals, organizations or businesses to store web pages that can be accessed on the Internet. Web hosting providers operate web servers on which they host websites and their pages, and they provide the technologies necessary for making a web page available on client request.

The Internet and the Web
The internet is a global network of interconnected computers and servers that allows people to communicate, share information, and access resources from anywhere in the world.

Worldwide digital population 2023: as of April 2023 there were 5.18 billion internet users worldwide, 64.6 percent of the global population. Of this total, 4.8 billion, or 59.9 percent of the world's population, were social media users.

How Does the Internet Work?
The internet works through clients and servers. Here the client is, for example, a laptop that connects to the internet, and the servers are computers that host websites and are reachable through the Internet. Servers are connected to the internet through ISPs (Internet Service Providers) and are identified by IP addresses. Each website also has a domain name, because it is difficult for people to remember long numeric addresses. So when you type a domain name into the browser's address bar, the browser first has to find the IP address behind it, because packets can only be routed to IP addresses. It asks a DNS server (the Domain Name System, a distributed directory that maps names to addresses) for the IP address of that name; this is like knowing a person's name and looking up their Aadhaar number in a long directory. After obtaining the IP address, the browser sends its request to that server, and the server processes the request and returns the content of the website the client asked for.
Video: https://www.youtube.com/watch?v=x3c1ih2NJEg

Difference Between the World Wide Web and the Internet
The main differences are:
World Wide Web: all web pages and web documents are stored on the web, and each website is located via its URL. Internet: the global network of computers over which the World Wide Web is accessed.
World Wide Web: a service. Internet: an infrastructure.
World Wide Web: a subset of the Internet. Internet: the superset that contains the World Wide Web.
World Wide Web: software-oriented. Internet: hardware-oriented.
World Wide Web: uses HTTP. Internet: uses IP addresses.
World Wide Web: can be thought of as a book on one of the many topics inside a library. Internet: can be thought of as the library itself.

Security and the Internet
A very large amount of data moves across the Internet all the time, which brings the risk of data breaches and many other security issues.

Steps to Protect Your Online Privacy
Install antivirus or antimalware software.
Create long, random passwords (ideally with a password manager) so they are hard to guess.
Use a private browsing window or a VPN when using the Internet.
Use HTTPS only, for better protection.
Make your social media accounts private.
If you are not using any application that requires GPS, turn GPS off.
Do not simply close the tab: log out of the account first, then close the tab.
Avoid public Wi-Fi or hotspots.
Avoid opening or downloading content from unknown sources.

TCP/IP data transfer
TCP/IP sockets provide a simple way of connecting computer programs together, and this type of interface is commonly added to existing stand-alone applications. TCP/IP provides a mechanism for transferring data between two applications, which can be running on different computers. The transfer of data is bidirectional; provided that the TCP/IP connection is maintained and no data is lost, the sequence of the data is preserved. A TCP/IP connection between two applications has a client end and a server end, which means that one application acts as a server and the other as a client.
1. The server application listens on a local port (on the computer that is running the application) for connection requests made by client applications.
2. The client application requests a connection to the server port, which the server then accepts.
3. When the server accepts the request, a port is allocated on the client computer and is connected to the server port.
4. A socket is created at each end of the connection, and the details of the connection are encapsulated by the socket.
5. The server port remains available to listen for further connection requests.
Video: https://youtu.be/OTwp3xtd4dg?si=tQ5jQ72JpJmV2u_e
The server can accept more connections from other client applications. These connections can come from the same process, from a different process on the same computer, or from a different computer. Once a connection has been established, two data streams exist: one for inbound data and another for outbound data. The client and server ends of the connection are otherwise identical and can perform the same operations; the only difference between them is that the output stream of the client is the input stream of the server, and the input stream of the client is the output stream of the server.

Data Governance
Data is a valuable asset that helps firms run more efficiently, make better decisions, and gain a competitive advantage in the marketplace. Unfortunately, today's data is an attractive target for criminals who want to access and tamper with sensitive information. This is why cybersecurity is rapidly becoming a key strategic concern for organizations and companies of all sizes. Data governance is the practice of applying internal data standards and policies to manage the availability, accessibility, integrity, and security of data in business systems, and to regulate how data is used. Data governance ensures that data is accurate, reliable, and secure, and that it is not misused.

Data Governance Policy
A data governance policy is a document that formally outlines how organizational data will be managed and controlled. A few common areas covered by data governance policies are:
Data quality: ensuring data is correct, consistent and free of "noise" that might impede its use and analysis.
Data availability: ensuring that data is available and easy to consume by the business functions that require it.
Data usability: ensuring data is clearly structured, documented and labelled, can be easily searched and retrieved, and is compatible with the tools used by business users.
Data integrity: ensuring data retains its essential qualities as it is stored, converted, transferred and viewed across different platforms.
Data security: ensuring data is classified according to its sensitivity, and defining processes for safeguarding information and preventing data loss and leakage.
Addressing all of these points requires the right combination of people skills, internal processes, and appropriate technology.

Data Stewards
A data steward is an organizational role responsible for enacting the data governance policy. Data stewards are typically subject matter experts who are familiar with the data used by a specific business function or department. They ensure the fitness of data elements, both content and metadata, administer the data, and ensure compliance with regulations.

Data Governance Frameworks
A data governance framework is a structure that helps an organization assign responsibilities, make decisions, and take action on enterprise data.

What is data governance used for?
Data governance is necessary to ensure that data is safe, secure, private, usable, and compliant with both internal and external data policies. It allows an organization to set and enforce controls that permit wider access to data while retaining the security and privacy those controls provide. Some common use cases:
Data stewardship: data governance often means giving accountability and responsibility for both the data itself and the processes that ensure its proper use to "data stewards".
Data quality: data governance is also used to ensure data quality, meaning any activities or techniques designed to make sure data is fit for use. Data quality is generally judged on six dimensions: accuracy, completeness, consistency, timeliness, validity, and uniqueness.
Scores on the data quality dimensions are typically expressed as percentages, which set the reference for the intended use. For example, if you use patient data that is 87% accurate to process billing, the remaining 13% of the data cannot guarantee correct billing. In another example, a customer data set that is only 52% complete implies low confidence that the planned campaign will reach the right target segment. You can define the acceptable score levels needed to build trust in the data.
Data management: a broad concept encompassing all aspects of managing data as an enterprise asset, from collection and storage to usage and oversight, making sure it is used securely, efficiently, and cost-effectively before it is disposed of.

Benefits of data governance
Make better, more timely decisions: users throughout the organization get the data they need to reach and serve customers, design and improve products and services, and seize opportunities for new revenue.
Improve cost controls: data helps you manage resources more effectively. Because you can eliminate the data duplication caused by information silos, you do not overbuy expensive hardware that then has to be maintained (compare just-in-time inventory).
Enhance regulatory compliance: an increasingly complex regulatory climate has made it even more important for organizations to establish robust data governance practices. You avoid the risks associated with non-compliance while proactively anticipating new regulations.
Earn greater trust from customers and suppliers: by being in auditable compliance with both internal and external data policies, you gain the trust of customers and partners that you will protect their sensitive information, so they feel positive about doing business with you.
Manage risk more easily: with strong governance, you can allay concerns about exposure of sensitive data to individuals or systems that lack proper authorization, about security breaches by malicious outsiders, and about insiders accessing data they have no right to see.
Allow more personnel access to more data Strong data governance allows more personnel access to more data, with the confidence that these personnel get access to the right data and that this democratization of data does not negatively impact the organization. Cybersecurity Issues and Challenges in 2023 Ransomware Extortion Ransomware began as malware focused on extorting payments via data encryption. By denying legitimate users access to their data by encrypting it, the attackers could demand a ransom for its recovery. However, the growth of ransomware threats has resulted in focused security research designed to identify and remediate these threats. The process of encrypting every file on a target system is time-consuming — making it possible to save some data by terminating the malware before data is encrypted — and companies have the potential to restore from backups without paying the ransom. Double extortion attacks added data theft to data encryption, and some ransomware operators have shifted to focus solely on the extortion effort, skipping encryption entirely. These ransomware data breaches are faster to carry out, harder to detect, and cannot be fixed using backups, making them a more effective approach for cybercriminals and a greater threat to businesses. Cloud Third-Party Threats Companies are increasingly adopting cloud computing, a move with significant security implications. Unfamiliarity with cloud security best practices, the cloud shared security model, and other factors can make cloud environments more vulnerable to attack than on-prem infrastructure. While cybercriminals are increasingly targeting cloud infrastructure with exploits for new vulnerabilities, an emerging and worrying tactic is the targeting of cloud service providers. By targeting cloud service providers and cloud solutions with their attacks, a cybercriminal can gain access to their customers’ sensitive data and potentially their IT infrastructure. 
By exploiting these trust relationships between organizations and their service providers, attackers can dramatically increase the scale and impact of their attacks. Mobile Malware As mobile devices have become more widely used, mobile malware has emerged as a growing threat. Mobile malware masquerading as legitimate and harmless applications — such as QR code readers, flashlights, and games — have grown more common on official and unofficial app stores. These attempts to infect users’ mobile devices have expanded from fake apps to cracked and custom versions of legitimate apps. Cybercriminals are offering unofficial versions of apps as malicious APKs via direct downloads and third-party app stores. These apps are designed to take advantage of name recognition to slip malware onto employee devices. Wipers and Destructive Malware While ransomware and data breaches are some of the most visible threats to corporate data security, wipers and other destructive malware can have even greater business impacts. Instead of breaching information or demanding a ransom for its return, wipers delete the data entirely. Weaponization of Legitimate Tools The line between legitimate penetration testing and system administration tools and malware can be a fine one. Often, functionality that cyber threat actors would build into their malware is also built into their targets’ operating systems or available via legitimate tools that are unlikely to be recognized as malware by signature- based detection tools. Zero-Day Vulnerabilities in Supply Chains Zero-day vulnerabilities pose a significant but transient risk to corporate cybersecurity. A vulnerability is a zero day when it has been discovered but no fix is available for the issue. During the window between the initial exploitation of a vulnerability and the vendor’s release of a patch for it, cybercriminals can exploit the vulnerability unchecked. 
However, even after a patch is available, it is not always promptly applied by businesses.
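The two exposure windows described above (exploitation before a vendor fix exists, and the lag between a fix being released and the business applying it) can be tracked per vulnerability. The following is an added example, not part of the module; the vulnerability ids, dates and the 14-day patch-lag target are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class VulnRecord:
    """Constructed tracking record (ids are placeholders, not real CVEs)."""
    vuln_id: str
    first_exploited: date            # first in-the-wild exploitation observed
    patch_released: Optional[date]   # None while the vendor has no fix
    patch_applied: Optional[date]    # None while the business has not patched

def classify(rec: VulnRecord, today: date) -> dict:
    """Phase of one record plus the days spent exposed in each window."""
    if rec.patch_released is None:
        # Zero-day: exploited, but no fix exists yet.
        return {"id": rec.vuln_id, "status": "zero-day",
                "zero_day_days": (today - rec.first_exploited).days,
                "patch_lag_days": None, "exposed": True}
    zero_day_days = max(0, (rec.patch_released - rec.first_exploited).days)
    if rec.patch_applied is None:
        # Fix exists but is unapplied: exposure continues after the vendor patch.
        return {"id": rec.vuln_id, "status": "patch-available-unapplied",
                "zero_day_days": zero_day_days,
                "patch_lag_days": (today - rec.patch_released).days,
                "exposed": True}
    return {"id": rec.vuln_id, "status": "remediated",
            "zero_day_days": zero_day_days,
            "patch_lag_days": max(0, (rec.patch_applied - rec.patch_released).days),
            "exposed": False}

def exposure_report(records, today: date, max_patch_lag: int = 14):
    """All classifications, plus ids still exposed or patched later than the
    hypothetical max_patch_lag target."""
    rows = [classify(r, today) for r in records]
    overdue = [r["id"] for r in rows
               if r["exposed"] or (r["patch_lag_days"] or 0) > max_patch_lag]
    return rows, overdue

TODAY = date(2023, 3, 10)  # constructed "current date" for the sample
SAMPLE = [                  # constructed sample records
    VulnRecord("VULN-A", date(2023, 3, 1), None, None),
    VulnRecord("VULN-B", date(2023, 2, 10), date(2023, 2, 20), None),
    VulnRecord("VULN-C", date(2023, 1, 5), date(2023, 1, 12), date(2023, 2, 15)),
    VulnRecord("VULN-D", date(2023, 1, 5), date(2023, 1, 12), date(2023, 1, 14)),
]

if __name__ == "__main__":
    rows, overdue = exposure_report(SAMPLE, TODAY)
    for row in rows:
        print(row)
    print("needs attention:", overdue)  # ['VULN-A', 'VULN-B', 'VULN-C']
```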