If you haven't taken a hard look at your servers and security systems recently, you'd be wise to do so ASAP. A member of Alibaba's cloud security team discovered a dangerous vulnerability known as Log4Shell, which has affected the likes of iCloud, Steam and Minecraft--and poses a real threat to businesses more generally.
The vulnerability, unearthed in the open-source logging Log4j library, sent the internet scrambling these last few days given how widespread the library is and how easily exploitable the security vulnerability is. The bug allows hackers to tap into computer systems where they can spread malware, steal data and much more.
"I'd be hard-pressed to think of a company that's not at risk," Joe Sullivan, chief security officer at the website security company Cloudfare, told the Associated Press. The vulnerability is "extremely bad," especially since millions of applications use Log4j, according to computer security researcher and white hat hacker Marcus Hutchins. Hutchins is known for his role in stopping the 2017 WannaCry ransomware attack.
A majority of devices with internet access are at risk to the threat if they're running affected versions of Log4j. Minecraft was one of the first places to showcase the flaw. Hutchins explained on Twitter that Minecraft users were able to get remote code execution on the game's servers after sending over a brief message into a chat box.
The Cybersecurity and Infrastructure Security Agency Director Jen Easterly said in a recent statement that all organizations should "upgrade to log4j version 2.15.0, or apply their appropriate vendor recommended mitigations immediately."
Cybersecurity is a unique pain point for small businesses, especially since many feel like they're not properly equipped to tackle a cyber threat head-on. Plus, they're more likely to succumb to an attack than larger companies. Verizon's annual Data Breach Investigations Report shows, in 2021 companies with under 1,000 employees reported 1,037 incidents, with 263 confirmed data disclosures, while 819 incidents, with 307 confirmed data disclosures were reported among companies with more than 1,000 employees.
Malware, viruses, ransomware and phishing are among the more common threats. Your first step in combating them is to ensure your security prevention systems are up to date. Taking stock of the data you keep is a general best practice, as is keeping tabs on who has access to what data.
And of course, ensuring your team stays up to date with timely training is also vital. After all, a business is only strong as its weakest link--and all it takes is one click for things to go awry.