Log4j security threats could be here for a long time
It could take a decade to get rid of Log4j for good, US government says
It’s going to take years, maybe even a decade, to completely eradicate the threat posed by the Log4j vulnerability, security experts have warned.
The US Government Cyber Safety Review Board has analyzed what caused the Log4j flaw, and tried to come up with solutions, lessons, and other key takeaways for affected businesses.
Part of Homeland Security, the 15-strong independent body was set up by US President Joe Biden in 2021 to try and upgrade the nation’s cybersecurity standards, and has been investigating Log4j over the past five months.
Lingering risk
Among the findings of its investigation is a warning that unpatched endpoints will linger for years, if not a decade, and with them, the threat of exploits.
“This event is not over. The risk remains. Network defenders have to stay vigilant,” Rob Silvers, the undersecretary for policy at DHS, and the panel’s chair, told reporters on Wednesday during a conference call, The Record reported.
According to Silvers, some 80 businesses were interviewed for the report, as well as industry, foreign government, and security experts. The Chinese government was also involved, due to the fact that it was Alibaba’s engineers that first discovered it.
As usual, the Chinese were immediately accused of trying to take advantage of their findings, but the report says there was no evidence to support such claims.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
In conclusion, the report gave out almost two dozen of recommendations, which should help organizations stay safe from the risk posed by the Log4j vulnerability. The board also argues that businesses should up the ante in terms of cybersecurity solutions and defenses such as firewalls and zero-trust.
The Log4j utility has been at the center of a media storm at the end of last year, after the discovery of a major flaw that placed millions of endpoints at risk of data theft.
At the time of its discovery, Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency (CISA) described it as “one of the most serious” flaws she’s seen in her entire career, “if not the most serious”.
- These are the best malware removal tools right now
Via: The Record
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.