Before this week, you probably never heard about Log4j. Right now, though, it’s the biggest topic in cybersecurity due to a massive vulnerability that is estimated to affect millions of devices. Your business needs to take this seriously.

What is Log4j?

Without getting too deep into the roots, when developers create software and applications, they rely on different programming languages. For instance, Java has been a common programming language since the early 90s. Java contains libraries that developers can utilize, and one of these libraries, known as Log4j, was recently discovered to have a major vulnerability in it. This vulnerability has been around for years, but now that it is out in the open, cybercriminals are likely to take advantage of it to steal data and infiltrate networks.

The scope of this is huge. The vulnerability impacts some common names in the technology world, such as:

• Amazon
• Apple
• Cisco
• Fortinet
• Google
• IBM
• Microsoft
• SonicWall
• Sophos
• VMware

…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.

Does Log4j Affect My Business?

It’s pretty likely. Not to sound repetitive, but this is a major, major issue, and anyone using software or running a system with this vulnerability is putting themselves, their data, and their business at risk. It doesn’t just affect Microsoft and Apple, it affects all of us, because we all use Microsoft and Apple services.

How to Protect Yourself from the Log4j Vulnerability

For the most part, you need to rely on the security patches and updates your vendors provide for your software. Unless you develop your own applications, in which case then the onus is on you, you are at the mercy of your vendors.

Fortunately, most of the major vendors are scrambling to get security patches out. That said, it’s up to you to apply them. If you have software that is no longer receiving updates (such as older applications that have reached end-of-life, or have surpassed your license agreement), you’ll need to have someone determine if they utilize Log4j and come up with a game plan from there. Cases like this are going to get pretty hairy, so we suggest acting quickly.

Technology and the Internet are a Little Less Safe, so It’s Up to You to Protect Yourself

Since this vulnerability has such a wide impact, it really is up to you as an individual to make sure you are practicing good cybersecurity hygiene. Utilizing weak passwords like “123password” or using the same password across multiple accounts is a terrible, dangerous habit. You need to be using strong password best practices, such as:

• Using a unique password for each account and website
• Using a mix of alphanumeric characters and symbols
• Using a sufficiently complex passcode to help with memorability without shorting your security
• Keeping passwords to yourself

Let’s Audit your Technology ASAP

Don’t put your business at risk by ignoring the dangers of this vulnerability. You should have your network audited to ensure that everything on your network is thoroughly patched and determine if any systems are utilizing Log4j. It’s just a matter of time before we start seeing widespread exploitation of this vulnerability, so time is of the essence.

Give Dresner Group a call at (410) 531-6727 to schedule an appointment, even if you aren’t a client. This is very serious, and we don’t want to see local businesses struggle from this.