Inside the Briefcase

How Security in Tech is Being Reinforced

How Security in Tech is Being Reinforced

In an increasingly digital world, security has become a...

2022 Business Spend Management Benchmark Report

2022 Business Spend Management Benchmark Report

Read the 2022 Coupa Benchmark Report to explore 20...

Cloud Security: Understanding “Shared Responsibility” … and Keeping Up Best Security Practices

Cloud Security: Understanding “Shared Responsibility” … and Keeping Up Best Security Practices

Cloud computing has been around for many years now,...

Webcast: HOW TO SCALE A DATA LITERACY PROGRAM AT YOUR ORGANIZATION

Webcast: HOW TO SCALE A DATA LITERACY PROGRAM AT YOUR ORGANIZATION

Join data & analytics leaders from Starbucks, Cardinal Health,...

How EverQuote Democratized Data Through Self-Service Analytics

How EverQuote Democratized Data Through Self-Service Analytics

During our recent webinar on scaling self-service analytics, AtScale...

A Case Study in Appropriately Responding to the Log4J Cybersecurity Vulnerability

January 7, 2022 No Comments

Just in time for the holiday season, and at a time when cybercriminals are generally most active, industry experts discovered a critical vulnerability in a software commonly used by companies. The software, Apache Log4j, is a popular Java library for logging in applications. The vulnerability enables a remote attacker to take control of a device, potentially enabling cybercriminals the opportunity to steal sensitive data and deploy ransomware.

To combat this potentially devastating operational and legal outcome, IT security teams have been feverishly implementing patches to fix this vulnerability. Over the holidays, network scanners everywhere have been abuzz, searching for unpatched vulnerable systems. However, many organizations have found that they lack full inventories of all the software they use, making patching difficult and a never-ending game of whack-a-mole. Further, vendors and cloud-service providers are still struggling to issue fixes to all of their software products.

To add to the feeling of exhaustion and discontent, researchers say this flaw has been around for years, some estimate back as far as 2015. According to the US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly, the vulnerability is already being used by a “growing set of threat actors.” As such, industry experts expect that this incident will follow a pattern like the recent Hafnium attacks, where the whack-a-mole approach proved far from sufficient.

Read Full Article..

Tags: , DATA SECURITY, Featured Blogs

Sorry, the comment form is closed at this time.

ADVERTISEMENT

Gartner