Tenable CEO expresses relief at FTC warning

Log4Shell remains a challenge preying on the minds of business leaders across a variety of sectors. The multinational consumer credit reporting agency Equifax is one of the latest companies to be hit by Log4Shell. After the personal information of 147 million consumers was exposed, the US Federal Trade Commission (FTC) issued a warning: US companies that fail to patch against the vulnerability will face legal action. The UK Government has yet to release a warning to over 4.9 million UK businesses to remediate the Log4j cybersecurity vulnerability or get sanctioned.

The US Federal Trade Commission (FTC) has warned companies to remediate the Log4j security vulnerability or face legal action. In a strongly worded statement, the FTC said it will use its “… full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

The advisory cites the Equifax breach where its failure to patch a known vulnerability irreversibly exposed the personal information of 147 million consumers. Equifax agreed to pay $700 million to settle actions by the Federal Trade Commission, the Consumer Financial Protection Bureau, and all fifty US states.

Amit Yoran, former Director of the National Cyber Security Division of the US Department of Homeland Security, as well as Tenable’s CEO and Chairman, has shared his thoughts on the FTC warning and the need for increased cyber security amid the Log4Shell vulnerability.

“About time. Hallelujah! The FTC warning about potential legal repercussions for companies that fail to address the Log4j vulnerability is long overdue. Not addressing Log4j is worse than leaving your doors and windows unlocked and inviting an intruder in to raid your shelves, because it puts the data so many organisations collect on individuals at risk as well. Log4j in particular is the most significant vulnerability in history. Not addressing it proactively IS the definition of negligence! If the threat of government penalties shakes people out of their complacency, that’s a win for everyone. Now let’s get to it.”

“While EternalBlue wrought significant attacks, such as WannaCry, the potential here is much greater because of the pervasiveness of Log4j across both infrastructure and applications. No single vulnerability in history has so blatantly called out for remediation.

“Log4Shell has been identified as one of the biggest cybersecurity risks we’ve ever encountered, yet many organisations still aren’t taking action. According to our data, 30% of organisations haven’t begun assessing their environments for Log4Shell, let alone started patching.

“Log4Shell will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent.”

 

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]
