GHM recently reported on how the Log4j 2 vulnerability is affecting the internet. Log4j is used by millions of computers running online services. The vulnerability poses a challenge for businesses as they find out which of their services use this component. Here are some key questions you should be asking.
How concerned should businesses be?
The Log4j vulnerability has the potential to cause severe disruptions. Attackers will start to exploit the vulnerability. It does pose a threat for businesses without robust cyber resilience. It can disrupt operations, disclose personal data, damage reputation and incur additional costs in responding to incidents and recovering.
Questions for IT teams
What is your plan?
Planning is crucial. If not already done, now is the time to verify business continuity plans regarding crisis management. Ideally, a designated person should lead the response. This should help minimise disruption should an attack happen.
How are providers covering themselves?
If a business's IT is not managed in-house, start a conversation with any third-party supplier to understand the severity of the issue.
Does anyone in the business develop Java code?
Larger businesses may have Java developers who have legitimately used Log4j. It is crucial to ensure that any software written is not vulnerable.
For further information, contact us on 01865 367111.