vCTO Secure Blog

vCTO Secure has been serving the Seattle area since 2011, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

WARNING: Log4j is a Serious Threat, and Your Business Needs to Act NOW

WARNING: Log4j is a Serious Threat, and Your Business Needs to Act NOW

Log4j is a major vulnerability that has a widespread impact across a wide range of technology. We can’t stress how serious this is, and your business needs to take action right away.

What is Log4j?

We’ll keep it simple; when creating software, programmers can utilize different programming languages. One of these languages is called Java, and in Java, programmers have “libraries” of instructions to work with. Log4j is one of those libraries. 

A serious vulnerability has recently been discovered in the Log4j library that cybercriminals can exploit to gain access to your systems and data. It leaves your business and your information wide open to the world.

This particular Java library is actually pretty common and is used in a lot of applications and systems. It’s been used by some pretty popular products and services from some big names, like:

  • Amazon
  • Apple
  • Cisco
  • Fortinet
  • Google
  • IBM
  • Microsoft
  • SonicWall
  • Sophos
  • VMware

…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.

Could My Business Be Impacted by Log4j?

The chances are pretty high that your business uses some software that utilizes Log4j, making it susceptible to the vulnerability. We can’t stress enough that this doesn’t just affect the big guys in the list above, but everyone who uses their software.

The risks are extremely high too—with the vulnerability just coming to light, cybercriminals are going to start exploiting it. This is called a Zero-Day vulnerability, and it’s a ticking time-bomb.

How Can My Business Be Protected from Log4j?

You need to apply your security patches and updates and ensure that the software you use—all of the software that you use—is getting support from your vendors. If you are using software that is no longer supported, or no longer gets updates, you’ll need to audit that system to determine if it is affected by the vulnerability or not. We recommend setting up an appointment to have your entire network audited. You can get this started by giving us a call at (206) 895-5595.

The problem is, as a user, you can’t really tell if a website or piece of software is using this particular Java library.

Everything Just Got a Little Riskier, So It’s Up to You To Protect Yourself

Since this vulnerability is so widespread, it’s likely to have a lasting impact across all technology for years. It’s more critical than ever to use strong password hygiene. “Password123” isn’t going to cut it anymore. Everyone needs to start using strong passwords and use unique passwords across every single website and account they use. Otherwise, when one system is breached due to this vulnerability, cybercriminals will be able to use the passwords they stole from one account to get into others. This involves following the basic password best practices that we always talk about, like:

  • Using a unique password for each account and website
  • Using a mix of alphanumeric characters and symbols
  • Using a sufficiently complex passcode to help with memorability without shorting your security
  • Keeping passwords to yourself

Audit your IT TODAY

You need to protect the interests and information of your employees and customers. We recommend contacting a professional and having all your technology reviewed and updated.

Give vCTO Secure a call at (206) 895-5595 to schedule an appointment. Don’t wait for this to blow over—it’s going to be a very dangerous situation for companies that don’t take action.

Integrating New Hardware Doesn’t Have to Be Diffic...
In-House or Remote, Automation Brings Value
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, 29 March 2024

Captcha Image

Mobile? Grab this Article

QR Code
Dark Web Monitoring

When you visit the Internet, you are more than likely sticking to the pages that can be accessed by typing an address into your browser, or by clicking on a link in a search result.

Find Out More
Contact Us

Learn more about what vCTO Secure can do for your business.

Seattle, Washington

Call us: (206) 895-5595

Protect Your Reputation

With human error causing over 92% of data breaches, we understand the importance of focusing on the weakest link by empowering employees through self-improvement, personal protection, and engaging training that is relate-able, not demeaning.

Find Out More