Newsletter & Blog

LOG4SHELL VULNERABILITY AND THE SME

They go on to say that the challenges organisations face are:

 

  • finding out what services use the Log4j component
  • identifying which of these services your organisation uses
  • finding out if these services are vulnerable

 

So how concerned should you be?  This vulnerability has the potential to cause severe impact to many organisations, and, as you are attempting to find which software that you are using is vulnerable, cyber criminals are busy exploiting the issue.  Some reports are suggesting that this is likely to include remote control software and ransomware although the situation appears to be somewhat fluid and is changing regularly.

 

If organisations do not have robust internal network cyber resilience, this could spread through the organisation and cause a variety of business impacts including business disruption, breaches of personal data and reputational damage.  The range of possible organisational impacts go from minimal, to a crippling attack and possible information theft.

 

So what should you be asking of your internal IT teams, if you have them, or the IT Support organisation that you have under contract?

 

  1. Do you fully understand the implications for my organisation in regard to Log4shell? Do you have a handle on what systems I am running that may be affected?
  2. Do you have a named individual addressing the issue?
  3. What’s the plan? Lots of organisations will need a phased approach, perhaps over weeks or even months.
  4. How will we know if we’re being attacked?
  5. How do we manage IT systems being used by home and remote workers, given we are still in the grip of a pandemic?
  6. Are you dependent upon key suppliers? Are they connected to your systems to enable just in time supply?  How will you ensure that they are taking the necessary steps to secure their systems?
  7. Do you have a business continuity plan and when was it last checked?

 

The way things tend to develop in these instances, it would be prudent to expect attacks to become more targeted.  Ransomware groups may already be looking to use Log4shell as a method of illicit entry into networks.

 

More information can be obtained from:

 

Alert: Apache Log4j vulnerability (CVE-2021-44228)
The NCSC’s technical advice to mitigate the Apache Log4j vulnerability.

Log4j vulnerability - what everyone needs to know
Information about the critical vulnerability in the Apache Log4j logging tool, who it could affect and what steps you can take to reduce your risk.

 

Or contact us for further advice if you think having your own experts working alongside your IT provider, is necessary.  H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.

 

To learn more about the services we provide please click here https://www.hah2.co.uk/

 

Alternatively, please feel free to give us a call or email

 

T: 0845 5443742

M: 07702 019060

E: kevin_hawkins@hah2.co.uk

Trust H2 – Making sure your information is secure

 

What our customers say about us

 

“We originally engaged H2 to examine our liability under GDPR and devise risk managed policies and processes to ensure we met the requirements.  Their Cyber Maturity Assessment is certainly and eye opener and H2s approach, unique in our experience of IT service companies, demonstrated clearly that we had some issues to overcome.  They were patient in providing services at our own pace and at price points which we were happy with, and were comfortable working with our current IT provider, enhancing their services and products, and plugging gaps that they do not cover.  I have no hesitation in recommending H2 to other companies who need such services.”

Lisa Williamson, Operations Manager, Savage Group