The Log4j vulnerability
The “Log4j Vulnerability” has become a widespread concern practically overnight, raising questions and fears for anyone that owns a computer.
Global uncertainty about the vulnerability has sent business owners into a panic and has experts in the field scrambling for answers.
Let us take some time to look at what we know about the vulnerability, what can be done about it and what you can do to protect yourself from future vulnerabilities.
What is the Log4j vulnerability?
The Log4j vulnerability is a technical oversight that enables attackers to bypass authentication checks for online services. The vulnerability makes use of a software package called Log4j.
This Log4j package is frequently utilised by Java, one of the most common programming languages used in real world applications.
The likelihood is that many a website and application you utilise everyday make use of Java, making them susceptible to attackers using the Log4j vulnerability.
This has left companies across the world panicking. Big names like such as Apple, twitter, and Amazon have been scrambling to go through their systems and identify what applications make use of the Log4j package.
The Log4j vulnerability is particularly dangerous because of how it easy it is to use. Normally, exploiting technical vulnerabilities takes skill and expertise to do so. However, it has been reported that, the Log4j vulnerability is has drawn the attention of the world because of how simple it is to use.
As the vulnerability has only become publicly available recently, researchers have not been able to determine how many successful attempts. Finding figures and success rates relating to the Log4j vulnerability have been
How do we fix it?
Much like COVID-19, this vulnerability will not be something that can be swept under the rug or fixed on a weekend. Correcting the issue becomes extremely complicated when you consider that the Log4j package has been utilised to create many applications.
Technical fixes have been developed to correct the vulnerability, however implementing these fixes is where the problem lies.
All the vulnerable servers that host websites we utilize everyday need to be updated with the technical fix to address the vulnerability. The sheer scale of implementing the updates is where the problem lies for many large-scale companies.
This update is not a complete fix for the Log4j issue. Think of it as treating the symptoms of an infection rather than outright curing the infection.
Completely removing the risk of this vulnerability will be down to the software manufacturers. They will have to implementing new systems that will not be susceptible to the Log4j vulnerability. This could be an incredibly complex process that will take software vendors time to complete.
Do not Panic – Lugo is on the case!
Lugo are here to support you as always. Our skilled team of technicians will support you and your firm needs to ensure IT runs effectively.
We are investigating the risk of the vulnerability and considering all aspects of the threat. We are working with vendors and applying the necessary updates to protect you and your information.
We will notify you if any further action needs to be taken as more information about the vulnerability is discovered.
Please rest assured that we are addressing the Log4j vulnerability appropriately and will continue to work with our IT partners to keep your infrastructure secure.
What can I do?
As mentioned, if Lugo is your IT support provider, then you can rest assured that we are doing everything we can to mitigate the risk of this threat affecting your company.
There are also a few things you can do if you want to help protect against future cyber threats from affecting your business
- Be sensible – Take care when receiving emails from new contacts, visiting new websites, or installing new software. Always check if any of these are legitimate before committing an action. Double checking if an email attachment is legitimate can be the decision that saves you from a cyber-attack.
- Train yourself and your staff – Are you confident that your staff are equipped with the knowledge of what to do if a piece of ransomware ends up on their computer. If you are not even sure what ransomware is, then setting up the appropriate training for your company should be a priority for 2021.
- Get Cyber Essentials – This is the best defence against cyber threats. A UK government packed accreditation that shows you have defences in place against the most common cyber-attacks. It comes with a range of benefits, the most important being piece of mind for your clients that their information Is safe in your hands.
- Sign up for Free Cyber Support – If you are an accountancy firm operating in Scotland, then you may be eligible for Funded Cyber Support for Accountants. This government funded programme, endorsed by ICAS, provides free support to help accounts get their Cyber Essentials. Click here to register for Free cyber support for your firm today.
