The Log4j vulnerability was discovered in December 2021 and was expected to be heavily exploited, but so far it appears to be hiding. ZDNet.com reports that the director of CISA, Jen Easterly, is not seeing any damaging Log4j cyber incidents. There has been some speculation about what this really means. When will cybersecurity teams start to see a damaging impact?
Why this might be
Many of us have addressed this issue by patching, but it is far more likely that cybercriminals are just biding their time. TheHackerNews.com reports that Microsoft has observed nation-state threat actors including Log4j in their malicious payloads. It is likely this will keep occurring for the foreseeable future.
What this means
The best thing you can do for your small business is to keep patching and updating all of your devices and software. Make this a regular part of your business strategy. While it may be quiet right now, things could get very loud very quickly, especially if your business is not prepared. If you partner with a managed service provider, ask them to verify that your systems are patched for the Log4j vulnerability. If you run your own IT, you will need to do this internally instead.
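If you run your own IT, a first step in verifying this internally is finding every copy of Log4j on a machine, including copies bundled inside other applications. The Python 3 script below is an added example, not part of the original article or of any vendor tool: it lists each log4j-core copy with its version so you can compare it against Apache's current security advisory. The nesting depth limit of 3 is an assumption chosen for this example.

```python
import io
import os
import sys
import zipfile

# Standard Maven metadata path and JndiLookup class path inside log4j-core
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")


def inspect_archive(data, label, depth=0):
    """Return [(label, version, has_jndi_lookup)] for log4j-core copies found."""
    hits = []
    try:
        with zipfile.ZipFile(data) as zf:
            names = set(zf.namelist())
            if POM in names or JNDI in names:
                version = "unknown"  # shaded JARs may drop the metadata file
                if POM in names:
                    for line in zf.read(POM).decode("utf-8", "replace").splitlines():
                        if line.startswith("version="):
                            version = line.split("=", 1)[1].strip()
                hits.append((label, version, JNDI in names))
            # WAR/EAR files and "fat" JARs carry libraries as nested archives
            if depth < 3:  # assumed limit for this example
                for name in names:
                    if name.lower().endswith(ARCHIVES):
                        nested = io.BytesIO(zf.read(name))
                        hits += inspect_archive(nested, f"{label}!{name}", depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # corrupt or unreadable archive: skip it, keep scanning
    return hits


def scan(root):
    """Walk a directory tree and inspect every Java archive in it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fname)
                hits += inspect_archive(path, path)
    return sorted(hits)


if __name__ == "__main__":
    for label, version, has_jndi in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label}\tlog4j-core {version}\tJndiLookup.class present: {has_jndi}")
```

Run it with the folder to check as its only argument. Rerun it after each round of updates, since a bundled copy can remain even after the main application is patched.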
Updates are critical
We have talked about updating your software and hardware in a prior article. Updating your technology to the latest releases is generally good practice. One of the key features of updates is security patches. Updates need to become a regular habit for your technology, especially when critical security vulnerabilities are identified. When a new vulnerability is identified, it is crucial to follow up with any second or third patches as well. It is too easy to patch once and think you are safe while new vulnerabilities are still being identified for the same threat.
For more information on updating your technology and other pertinent cybersecurity topics check out SmallBusinessBigThreat.com!