BNMC Blog
WARNING: Log4j is a Serious Threat to Nearly Every Business
A critical, widespread vulnerability was just discovered, and this one is a very big deal. In fact, Log4j is one of the worst vulnerabilities we’ve seen, period. Your business needs to be aware of it, and you absolutely need to take measures to protect against it.
What is Log4j?
Log4j is a Java library, which likely doesn’t mean all that much to most users. It’s essentially a common set of instructions used throughout a massive number of applications and systems. Any software that uses the Log4j library suffers from a major vulnerability that was just discovered. Even though this library has been in use for years, the sudden discovery of the vulnerability means that cybercriminals will start exploiting it. Doing so could give them unfettered access to your data.
The vulnerability impacts many of the biggest names in technology. You’ll probably recognize some of them, such as:
- Amazon Web Services
- Apple
- Cisco
- Fortinet
- IBM
- Microsoft
- SonicWall
- Sophos
- VMware
…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.
Is My Business Vulnerable to the Log4j Vulnerability?
It’s pretty likely that you are at risk. Most businesses are, especially if they aren’t patching their software and operating systems and being diligent about their cybersecurity and IT management.
While it isn’t inherently clear from an end-user perspective what software language or Java libraries a particular application or system utilizes, it’s pretty likely that something you use is at risk. Thankfully, the big software companies are scrambling to provide patches and updates, and hopefully the more niche developers are taking this seriously too.
The real responsibility comes down to you—are you keeping your software updated across your entire business? Are you ensuring that you are still eligible for updates for all of the systems that you use?
That’s what you need to determine, and then you need to determine what might be affected, and get it mitigated. We can help you - give us a call at (978) 482-2020 to set up an appointment.
This Makes All Technology and The Internet a Little More Dangerous
Even if you patch everything, that doesn’t mean everyone else will. In fact, experts suspect it will take years before the Log4j vulnerability goes away forever.
For example, let’s say you use a weight loss app or website to track your workouts and caloric intake. If that website relies on technology that Log4j impacts and they don’t apply the fixes, the information you’ve provided to the website—account details, financial information, and whatever else—would be at risk.
Again, this applies to any website and every piece of software, so if the developer (or whoever controls and runs the software or website) doesn’t react, your account with them could be vulnerable.
This means it is up to you to practice good cybersecurity hygiene everywhere you go. Weak passwords like “password!” need to stop being used, and you cannot. This involves following the basic password best practices that we always talk about, like:
- Using a unique password for each account and website
- Using a mix of alphanumeric characters and symbols
- Using a sufficiently complex passcode to help with memorability without shortchanging your security
- Keeping passwords to yourself
Let’s Audit your IT to Ensure You Aren’t at Risk
Give BNMC a call at (978) 482-2020 to set up an appointment to review all of your technology to ensure your business isn’t at risk, and to get you patched and mitigated if you are. It’s extremely important.