You may be aware of a critical vulnerability called Log4shell which has left businesses worldwide vulnerable to cyber attacks. The situation began to unfold in recent weeks and is one of the most significant security exploits we have ever seen.
What is the Log4j vulnerability?
Log4j is an open-source logging library which is widely used in software applications and online services. It has recently emerged that there is a vulnerability within this tool, referred to as Log4shell, which requires very little time or expertise to exploit.
If left unfixed, attackers can exploit the vulnerability and break into systems, steal sensitive data such as passwords and logins, and infect networks with malicious software.
A common misconception is that Log4j is a virus, but it is actually a commonly used tool that happens to be vulnerable to cybercriminals. Although Log4j is not a virus, the Log4shell vulnerability does pose a highly significant threat level.
Will my business be affected?
The Log4shell vulnerability has the potential to cause a severe impact on many organisations. Anyone who uses applications or services which use the Log4j tool may be affected. Unfortunately, as Log4j is commonly used in many software applications, it is not easy to identify which of these are vulnerable without receiving guidance from the developers or creators of the software.
For this reason, the National Cyber Security Centre (NCSC) has asked developers of affected software to contact their users promptly. If you receive any communications on this subject, please ensure you read and act on any information provided as soon as possible. We also advise you to follow the additional steps detailed below.
How can I find out if I’m affected?
As Log4j is so widely used, we strongly recommend that businesses:
- Identify and contact all software and business application providers to ask if they use Log4j and if they have a fix for the recently discovered vulnerability. If you have any applications that are developed in-house, please also get in touch with your developers to check if they are using Log4j.
- Follow the advice provided by any of your software and business application providers as soon as possible.
- Consider managed cyber security services to proactively detect and alert you to future vulnerabilities.
Take a proactive approach to security:
Our advanced cyber security services proactively protect your organisation from the inside out and safeguard against the latest threats and vulnerabilities. Here are some of the measures your business can take to prevent future risk:
- Managed Cyber Security – Advanced 360° protection from the latest threats and vulnerabilities, be they malicious or accidental.
- SOC-as-a-Service – Our Security Operations Centre delivers advanced, next-generation managed threat detection and incident response services.
- Penetration Testing & Assessments – Identifying weaknesses across your IT environment – making sure defences are strengthened and fully resilient to attack, helping to mitigate risk.
- Compliance – Whether you need guidance or full support throughout your journey; we’ll help you meet compliance for a wide range of regulatory and security standards.
- User Awareness Training – We’ll help you embed a strong culture of cyber awareness with tailored training and phishing simulation, ensuring your staff are the first line of defence.
- Cyber Essentials – The cyber security certification aims to reduce an organisation’s risk of attack from internet-borne threats by around 80%.
We understand that this information is concerning, but please be assured that we are here to help you protect your business. If you would like further assistance with any of the steps or recommendations listed above, then please get in touch to discuss how we can help you.