
Novus Computers

Computer and IT Support in Eastern Nebraska


Andrew Cullen / December 20, 2021

Log4Shell Highlights Need for Proactive Approach to Business Security

Last Friday, a new software vulnerability with far-reaching implications was found being actively exploited in the wild. This vulnerability, dubbed "Log4Shell", affects a huge number of companies and applications and has sent many of them scrambling for answers.

The story so far

First, the technical nitty-gritty: last Friday, a major vulnerability in a Java library named "Log4J" was discovered being actively exploited by attackers in the wild. Log4J is a logging library that developers use in a huge number of Java applications to record events and track down bugs and issues within those programs. This vulnerability, when exploited, can allow unauthorized access to the system and potentially to a company network as a whole.

But wait... there's more!

Most of the larger companies whose software is affected by this vulnerability began releasing patches by Tuesday morning. Unfortunately, the fix didn't last long: attackers had found ways around the published fixes by Wednesday morning. As of this writing, some companies have published new fixes (which may or may not last) while others are still vulnerable.

Who's vulnerable?

Any company that uses either a Java-based program or a program which uses elements of Java may be at risk. This may also include your cloud-based software providers. Countless companies use Java-based programs as part of their digital tool stack. CISA, the Cybersecurity and Infrastructure Security Agency, has released a large but incomplete list of known-affected applications.

The need for a proactive approach to security

Log4Shell is the latest in a line of major exploits to have surfaced and presented a threat to businesses around the globe. But more than anything, this particular exploit highlights the fact it's no longer enough to just use a reactive approach to IT security. It's not enough anymore to slap a copy of Norton on every machine and install a new firewall every 3-5 years.

Instead, it's time to start taking a proactive approach to things, and that doesn't just mean applying patches whenever they're released. It means paying more attention to the risk associated with the digital tools and technology your company uses. It means developing and maintaining a response plan for breaches or other problem events. Today, business is technology, and technology risk is business risk and needs to be treated as such, no matter the size of your organization.

Put it on paper

Last time I wrote about including IT in your 2022 business plan. Things like Log4Shell are exactly why you do that. The risk is there; it's time to act. If you're putting together a list of New Year's resolutions for your company, put proactive IT security at the top of your list. Your future self will thank you for it.
