As we begin to settle into the new year, cybersecurity professionals are still on edge with the recently uncovered Log4j flaw. Although it’s made its way through the news cycle quickly, Google estimates it will take years to fully close the vulnerability.
What happened with Log4j?
Log4j is an open-source framework widely used by developers to record activity within an application. The software is used by both enterprise applications and cloud-based services.
In December, a flaw was uncovered in the framework that set the cybersecurity world on fire as nearly a third of all webservers were made vulnerable, including companies such as Twitter, Amazon, Microsoft, Apple, and Google. Although patches and updates have been made by Apache, the bug has been probed by hackers as they look for ways to exploit vulnerable systems.
Fixing a problem like the Log4j vulnerability requires companies using the software to download the appropriate patch. This takes time since major organizations must ensure the patch doesn’t impact their own programs. And, of course, some companies do not have strong cybersecurity practices—which means they might not have been privy to the attack in the first place.
How do I protect myself?
Per the Cybersecurity and Infrastructure Security Agency, organizations are urged to upgrade to Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the Apache Log4j Security Vulnerabilities webpage for updates and mitigation guidance.
Along with the CISA’s guidelines, we also recommend you protect your organization by taking the following steps if you haven’t already:
- Utilize log, endpoint, and network analysis to detect any exploitation in existing systems. Scanning for vulnerable Log4j servers is vital. If any evidence of post-exploitation activity is found, Incident Response (IR) procedures should begin immediately to detect, contain, and recover any data that has been compromised by this vulnerability.
- Contact all critical vendors for a statement on their Log4j response. This is a wide-ranging attack that affects many different types of vendors, which means even non-technical or software vendors should be issuing a response. If they have yet to issue a response, you should contact them to ensure proper steps are being taken.
- Update Intrusion Prevention Systems (IPS) rulesets and reach out to IPS vendor(s) to ensure their software is not affected by the vulnerability. This will not prevent the vulnerability, but it will detect and log any exploitation attempts.
Data breaches are, unfortunately, common occurrences, and the cost of recovery can be a drain on your time and your finances. According to IBM’s Cost of Data Breach Report 2021, Data breach costs rose from $3.86 million to $4.24 million—the highest average total cost in the 17-year history of this report.
However, there are ways to protect yourself and prevent damage from occurring. By educating yourself and your employees on the importance of cybersecurity, you can keep your private information fortified.
If you’re a business owner, you should consider investing in managed IT services to help mitigate risk. And even if you already have a trusted IT advisor, an outside, third-party assessment can help to head off any potential issues before they occur.