Log4j’s Wakeup Call: How To Be Vigilant?
Over this weekend, Google’s open-source team scanned Maven Central, the largest Java package repository, and found that 35,863 Java packages use versions of the Apache Log4j library. The good news is that the open-source community has responded well and has already fixed 4,620 (13%) of the packages. But fixing all the vulnerabilities would take several years, according to one researcher.
In the past, when a major Java security flaw was found, it typically affected only 2% of the Maven Central index. This time, however, these 35,000+ vulnerable Java packages accounted for roughly 8% of the Maven Central total of ~440,000. The researchers on the team had only one word to describe the impact: “enormous.”
Reading all this brought my thoughts back to how organizations can prevent such incidents, or at least dodge such bullets, in the future. Exploiting vulnerabilities to unleash ransomware and malware for disruptive ends is not new, and it will not end soon. Organizations need to be on their guard 24/7. A common phrase heard in cybersecurity circles about cyberattacks is ‘Not If, But When.’
So, what can organizations do to improve their defenses if dodging the ‘breach’ bullet is all that can be done in this catchup race between the attackers and the defenders? How can we be as vigilant as possible?
Here are some common-sense actions that any organization can enforce. They apply to assets on-prem and in the cloud, and they help organizations prevent (or delay) breaches while vulnerabilities are addressed.
Keep your system and security software up to date
Many ransomware and malware variants rely on unpatched vulnerabilities to get into your network and onto your devices. When seeking guidance on when to patch, look to known credible sources on the timing of those updates.
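For the Log4j case described at the top of this post, "keeping software up to date" starts with knowing where the library actually is: the Maven Central scan counted packages that bundle it, and in a deployed environment those copies sit inside JARs, WARs and fat JARs, often nested several levels deep. The script below is an added example, not code from the original post or from Google's scan. It assumes that Maven-built artifacts record their coordinates in META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties, falls back to the log4j-core-<version>.jar filename pattern when that file is missing, and takes the minimum acceptable version as an operator-supplied value from the vendor advisory rather than hard-coding one. The sample WAR it builds is constructed, with made-up version numbers.

```python
"""Inventory which log4j-core versions are bundled in JAR/WAR files.

Added example, not code from the original post. Assumptions (not from the
post): Maven-built artifacts record their coordinates in
META-INF/maven/<groupId>/<artifactId>/pom.properties, nested archives
(WEB-INF/lib/*.jar, fat JARs) may hold their own copy, and the minimum
acceptable version is supplied by the operator from the vendor advisory.
"""
import io
import os
import re
import tempfile
import zipfile
from typing import Dict, Iterator, List, Tuple

# Where Maven records the coordinates of a bundled log4j-core (assumption above).
LOG4J_CORE_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_NAME = re.compile(r"\.(jar|war|ear|zip)$", re.IGNORECASE)
# Filename fallback for a nested copy whose pom.properties was stripped.
CORE_JAR_NAME = re.compile(r"log4j-core-(\d[\w.\-]*)\.jar$", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """'9.2.5' -> (9, 2, 5): numeric parts only, so versions compare as numbers."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_below(version: str, minimum: str) -> bool:
    """True when version sorts before minimum; numeric, so 10.x is not below 9.x."""
    v, m = parse_version(version), parse_version(minimum)
    width = max(len(v), len(m))
    return v + (0,) * (width - len(v)) < m + (0,) * (width - len(m))


def log4j_versions(data: bytes, location: str) -> Iterator[Tuple[str, str]]:
    """Yield (location, version) for each log4j-core found in an archive.

    Recurses into nested archives because a listing of top-level files misses
    the copies that ship inside WARs, EARs and fat JARs.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            if name == LOG4J_CORE_POM:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.MULTILINE)
                if m:
                    yield location, m.group(1).strip()
            elif ARCHIVE_NAME.search(name):
                inner = f"{location}!/{name}"
                found = list(log4j_versions(zf.read(name), inner))
                if not found:  # no pom.properties inside: trust the filename, flag for review
                    fm = CORE_JAR_NAME.search(name)
                    if fm:
                        found = [(inner, fm.group(1))]
                yield from found


def scan_tree(root: str, minimum: str) -> List[Dict[str, object]]:
    """Walk a directory and flag every bundled log4j-core below `minimum`."""
    findings: List[Dict[str, object]] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not ARCHIVE_NAME.search(fn):
                continue
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                data = fh.read()
            for where, ver in log4j_versions(data, full):
                findings.append({"location": where, "version": ver,
                                 "below_minimum": is_below(ver, minimum)})
    return findings


def _jar(entries: Dict[str, object]) -> bytes:
    """Build a zip/JAR in memory from {entry name: str or bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_war() -> bytes:
    """Constructed sample input (not a real artifact): a WAR with two nested JARs,
    one identified by pom.properties, one only by its filename. Versions are made up."""
    with_pom = _jar({
        LOG4J_CORE_POM: "groupId=org.apache.logging.log4j\n"
                        "artifactId=log4j-core\nversion=9.1.0\n",
        "org/apache/logging/log4j/core/Dummy.class": b"",
    })
    no_pom = _jar({"org/apache/logging/log4j/core/Dummy.class": b""})
    return _jar({
        "WEB-INF/web.xml": "<web-app/>",
        "WEB-INF/lib/logging-bundle.jar": with_pom,
        "WEB-INF/lib/log4j-core-9.2.5.jar": no_pom,
    })


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "app.war"), "wb") as fh:
            fh.write(build_sample_war())
        # "9.2.0" is a constructed placeholder; use the vendor advisory's value.
        for finding in scan_tree(tmp, "9.2.0"):
            print(finding)
```

Run it against a directory of deployments rather than against the build tree: anything flagged below_minimum goes on the patch list, and anything found only through the filename fallback deserves a manual look, since a repackaged or shaded copy can carry any version regardless of what the file is called.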
Cloud resources need the same special care as your on-prem assets
According to IBM's Cost of Data Breach Report 2021, the average cost of a data breach is $4.24M. The report also mentions that compliance failure was a top factor found to amplify the cost of data breaches; organizations with lower levels of security compliance failures lost $2.30M more than others.
All this points to the need for a robust compliance and governance solution that provides unified visibility into threats and vulnerabilities and enables automated remediation wherever and whenever possible. Security tools should be chosen carefully both for their breadth (from on-prem/edge to hybrid cloud to public cloud) and for their depth: support for industry best practices such as CIS and NIST, for regulatory compliance such as PCI-DSS and HIPAA, and for any custom standards an organization wants in addition to these.
Guidelines and best practices on how to continuously improve security posture and minimize risk fall within the ambit of Security Operations (SecOps). We will explore this topic in detail in our upcoming blogs.
Periodic Audit Process
Whether on-prem or in the cloud, all businesses must implement standard IT/security practices to audit all assets, hardware and software, periodically and frequently. The process will identify security vulnerabilities, threats, and changes in the security footprint in the cloud. On the on-premises side, hardware replacements, software and firmware upgrades/downgrades, patches, license renewals, and required EOL actions will need to be addressed as recommended by the vendors.
Backup all your data, frequently
This will enable you to recover your data rather than be beholden to ransom demands. Many backup software solutions provide flexible schedules to back up data automatically, and user dashboards to recover it. Geo-separated replication of backups adds one more level of protection.
Security training
Train your employees to spot phishing campaigns and avoid compromised websites. Since most successful attacks start with an employee clicking on something they shouldn’t, regular training in spotting malicious activity is essential.
Consider New Defensive Technologies
Using updated antivirus software on servers and desktops, upgraded threat prevention, and other security solutions certainly helps. On-premises infrastructure is closely tied to cloud infrastructure; an infection in one can spread to the other. So, security on all fronts is essential.