There’s an interesting new fundamental thought emerging among computer security companies. The logic goes like this: First, your digital assets are going to be attacked. Second, no matter what preparations you make to defend those assets, a determined attacker is going to find a hole or a method of penetrating your defenses that you didn’t think of.
Most attacks are relatively cheap to carry out, because they’re not that sophisticated. More often than not, attackers copy the methods they use from each other. Attacks are inexpensive, and most attackers have the luxury of limitless time.
The exception is attacks using so-called “zero day” vulnerabilities, where a previously unknown vulnerability, usually in the operating system, is used to gain access to a system. Most — but not all — of the time, once a zero-day vulnerability is seen and documented, the weaknesses it reveals are patched, making it the type of weapon that can be used only once.