Arraya Insights | January 11, 2022
In the last week or so, there has been constant talk of the recently discovered Log4j vulnerability. This bug in computer code, which affected nearly every major software company, is considered one of the worst vulnerabilities discovered in recent history. CISA Director Jen Easterly warned that this is the most serious security flaw she’s seen in her career.
CISA outlined that Log4j is “broadly used in a variety of consumer and enterprise services, websites, and applications – as well as operational technology products – to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.”
Cyber criminals are actively taking advantage of this flaw, with the Wall Street Journal reporting that there are 10 million attempts to exploit Log4j per hour. Retail, technology, finance, and manufacturing have been frequent targets.
Federal Trade Commission’s Warning to All Businesses
Following the exposure of this vulnerability, the FTC issued a warning to all businesses and organizations that they could face legal repercussions if this security vulnerability is not addressed.
The FTC outlined that businesses that use Log4j have a duty to take reasonable steps to mitigate this known software vulnerability to reduce the likelihood of harm to consumers. As such, the FTC recommends that all companies immediately take appropriate action to mitigate this flaw and protect consumer data.
Using Equifax’s 2017 data breach and subsequent $700 million settlement as an example, the FTC made it clear that it would use its full authority to pursue legal action against companies that have not addressed the vulnerability.
CISA provided a guide to help companies determine whether their products with Log4j are among those that are vulnerable.
Next Steps: Identify Your Log4j Vulnerability and Take Action to Protect Your Business & Consumers
Every company needs to act on the Log4j vulnerability now to avoid potential fines and penalties, and ensure they are not vulnerable to the Log4j exploit. At Arraya, we can help your company discover the vulnerability through our security and penetration testing solutions and remediate the issue, once detected.
Waiting on this issue means exposing your company and consumers, and facing significant consequences from the FTC. Start a conversation with an Arraya expert and act today!
For more information on the Log4j vulnerability, listen to the latest episode of the Arraya Insights Vodcast: Cyber Security Analysis – Lessons Learned from the Log4j Vulnerability and 2022 Predictions.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.