Following the Log4j vulnerability, organizations across industries have been working quickly to patch their software and take stock of whether their networks and data have been compromised. In the wake of Log4j, it’s urgent that organizations quickly take action to safeguard their most sensitive information, both in transit, in use, and at rest — whether that’s intellectual property, customer data, or regulated information such as ITAR, HIPAA, or CJIS data.
Because Log4j is so widely used, it’s important to understand exactly what the vulnerability is, how many organizations are affected, and why it’s so noteworthy.
Log4j is a hugely popular piece of open source code that is commonly used by more than 12 million Java developers as they work to build millions of software applications that underpin core business functions in every conceivable industry.
On December 9, 2021, a new vulnerability was discovered in the Log4j open source library. In the weeks following, several other vulnerabilities came to light, followed by subsequent patches to address these vulnerabilities. At the time of writing, on December 29, 2021, the following had taken place:
As CISA director Jen Easterly said, “Log4j is the biggest security crisis in the history of the internet.” Why is this true? There are three simple reasons: it’s ubiquitous, it’s severe, and it’s simple to exploit.
Once organizations have taken the immediate action of patching their software applications, it’s important to take a broader assessment of data across the organization, and whether it’s well-protected enough to withstand other vulnerabilities or breaches in the future.
Due to the Log4j zero-day crisis, the world is now guaranteed to experience a significant increase in ransomware and cyber crime aimed at stealing sensitive data. Microsoft researchers report that they have seen hackers exploit the vulnerability to install crypto-miners, steal passwords and logins, and exfiltrate and ransom data. In light of this sobering reality, there are four steps that organizations can take to mitigate risks:
The highest priority for every organization should be to encrypt their most sensitive data as quickly as possible. Should firewalls or other network protections fail, encryption at the data level helps ensure that your most important assets remain protected, regardless of the environment where that data travels.
Data-level encryption — wrapping each individual file or data element in its own layer of protection — provides confidence that, even if the network where the data travels is compromised, the data itself remains inaccessible by a malicious third party without the keys to access it. Virtru’s Trusted Data Format (TDF) provides end-to-end encryption that travels with the data, at all times — even after it’s shared — and gives the data owner complete control over that information, wherever it travels. This includes the ability to revoke data access or change access privileges at any time.
Virtru is. With quick deployments and encryption capabilities that span across your software ecosystem (including Google Cloud, Microsoft 365, and SaaS apps such as Salesforce), we stand ready to help your organization quickly and strategically deploy encryption to safeguard your most vital asset — your data.
Discover how your organization can bolster confidence and breach readiness with Virtru’s end-to-end, data-centric encryption. Contact Virtru today to start the conversation.