Your information security vigilance can never be allowed to flag. Recently, the Federal Trade Commission underscored that point in connection with the newly discovered Log4Shell vulnerability. Companies that fail to take preemptive action by installing a patch could face negative consequences.
Governmental attention is valid because this bug in the Log4j Java logging utility, tracked as CVE-2021-44228, has wreaked havoc on a global scale. Everything from popular consumer products to web applications is vulnerable, which can compromise vital data such as sensitive personal information and cause significant financial loss to individuals and organizations.
Experience has already taught us what can happen if companies fail to take corrective action in such cases. In 2017, the credit agency Equifax did not patch a known Apache Struts flaw. As a result of this failure, data related to 147 million consumers was compromised. Moreover, Equifax had to pay a staggering $700 million to settle with state and federal agencies.
FTC officials stress that even as hackers develop new ways to breach security defenses, the agency will fully exercise its legal powers to protect consumer information from breach. This federal oversight is expected to incentivize organizations to take steps to guard against not only Log4j but also newer denial-of-service (DoS) and arbitrary code execution flaws that have the potential to do significant damage.
Microsoft recently advised that cybercriminals of all types, including nation-state and commodity actors, continue to test the waters to find and exploit security weaknesses. The tech giant further indicated that these bad actors had access to malware, code exploits, and scanning capabilities that have the potential to put businesses and organizations at significant risk of breach for the foreseeable future. For that reason, it has never been more critical to go far beyond regulatory compliance to attain optimal digital protections.