When was the last time your company’s software was updated? If it was more than six months ago, your cybernetwork is at serious risk of exposure to hackers, and you may be at risk of not complying with the new, 72-hour mandated reporting law.
On July 14, 2022, the United States Cyber Safety Review Board (“CSRB”) released a review of a new, “endemic” vulnerability called Log4j, which revealed potent flaws in software used in industries around the world.[1] The CSRB warned that it is vital for companies, especially those holding sensitive information, to upgrade their software to the latest version to patch the problem or risk falling prey to a cyber-attack.
What is Log4j?
“Log4j is one of the most serious software vulnerabilities in history,” said the Department of Homeland Security Under Secretary Bob Silvers.[2] Log4j is a part of the Apache Logging Services Project, which is a free and popular resource used by developers to build Java-based software. It was first detected in late 2021 in Minecraft, the incredibly popular video game owned by Microsoft. The flaw was verified and reported by software security technicians at Alibaba, China’s premier online retailer.
What Software is Affected?
Because Log4j is so widely used, many organizations and companies may not be aware that they are using it and are therefore at risk. It is embedded in thousands of pieces of software, including extremely popular ones such as VMware and Apple iCloud.
How do I Fix it?
Unfortunately, the CSRB warned that Log4j vulnerabilities will persist for the next decade. To best address these risks, the CSRB suggests that companies do the following:
As our world becomes more dependent on technology, companies must stay aware of cyber vulnerabilities and quickly respond. If your company needs assistance in implementing these protocols, contact Alex Boyer or Erin Beckner Conlin, Chief Compliance Officer at Tucker Arensberg, P.C.
[1] Cyber Safety Review Board (CSRB), “Review of the December 2021 Log4j Event,” July 2022, https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf.
[2] Associated Press, “Log4j Software Flaw ‘Endemic,’ New Cyber Safety Panel Says,” July 14, 2022, https://apnews.com/article/biden-technology-software-hacking-4361f6e9b386259609b05b389db4d7bf.
July 25, 2022