Gravité Blog
ALERT: Log4j is the Most Dangerous Vulnerability in Recent History and Your Business Needs to Act NOW
A vulnerability was recently discovered that is effectively guaranteed to impact all computer users, from private users to businesses. While this situation will take some time to resolve fully, we want to make sure you know everything that needs to be done to protect yourself from Log4j.
What is Log4j?
Log4j is a Java library, which may not mean much to you. All you need to know about these libraries is that they are used by programmers to develop software. If an application uses the Log4j library, it suffers from a major vulnerability that was just discovered.
The problem is, this particular Java library has been used extensively over the years, which means that the vulnerability impacts most of the big names in software and the applications and cloud services they offer. Big names, like…
- Amazon Web Services
- Apple
- Cisco
- Fortinet
- IBM
- Microsoft
- SonicWall
- Sophos
- VMware
…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.
How Vulnerable Could Log4j Leave My Business?
In a word: extremely. This vulnerability is so bad, it’s been demonstrated that using a single script in some applications could give a hacker near-ubiquitous access. This vulnerability isn’t new, either… it’s been around for years, but was only recently discovered on a wide scale.
As a result, more people than ever are able to take advantage of it.
What to Do to Fight Back Against Log4j
This is where the real challenge comes in. Naturally, if you rely on some of the systems that have been affected, there are some steps you need to take.
Much of the onus falls on the developers and companies who used the Java library to go back and fix the issues. Rest assured, it is pretty much guaranteed that the list of developers we mentioned above will do something about it. Many of them already have.
However, it also falls on the impacted websites and businesses to apply the patches that these developers put out.
For example, let’s assume for a moment that you’re an annual user on a fantasy football website. If that website relies on technology that Log4j impacts and they don’t apply the fixes, the information you’ve provided to the website—account details, financial information, and whatever else—would be vulnerable.
Again, this applies to every website, so if that website doesn’t react, your account with them could be vulnerable.
How to Protect Yourself from Log4j, as an Individual and as a Business
While it won’t totally solve the problem, everyone (private users and businesses alike) should take steps to lock down their passwords. Weak passwords like “password1” aren’t going to cut it. This involves following the basic password best practices that we always talk about, like:
- Using a unique password for each account and website
- Using a mix of alphanumeric characters and symbols
- Using a sufficiently complex passcode that is still memorable, without shortchanging your security
- Keeping passwords to yourself
Individual Users Need to Know That the Internet is Even Less Safe
Don’t get us wrong… the Internet is never totally secure, but for now, the dangers are that much more severe. You need to be very discerning about who you trust with your information for the time being, as various websites and developers make the updates to their platforms that will resolve these issues.
Businesses Need to Enlist the Help of a Professional
All organizations need to bring in a professional to audit all of their technology and update what can be updated to remove the influence of Log4j. Not only will this help protect your business and your employees, it will also protect the interests of your clients and customers.
Here at Gravité, we specialize in providing a litany of services to our clients, and we’re more than capable of performing these kinds of audits and updates. Give us a call at 1300 008 123 today, and we’ll make sure to get you on the schedule. Chances are, your business has been affected, and that’s not something you want.