Tenable CEO expresses relief at FTC warning

Log4Shell remains a challenge preying on the minds of business leaders across a variety of sectors. The multinational consumer credit reporting agency Equifax is one of the latest companies to be hit by Log4Shell. After the personal information of 147 million consumers was exposed, the US Federal Trade Commission (FTC) issued a warning: US companies that fail to patch against the vulnerability will face legal action. The UK Government has yet to release a warning to over 4.9 million UK businesses to remediate the Log4j cybersecurity vulnerability or be sanctioned.

The US Federal Trade Commission (FTC) has warned companies to remediate the Log4j security vulnerability or face legal action. In a strongly worded statement, the FTC said it will use its “… full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

The advisory cites the Equifax breach, in which the company's failure to patch a known vulnerability irreversibly exposed the personal information of 147 million consumers. Equifax agreed to pay $700 million to settle actions by the Federal Trade Commission, the Consumer Financial Protection Bureau, and all fifty US states.

Amit Yoran, former Director of the National Cyber Security Division of the US Department of Homeland Security and Tenable’s CEO and Chairman, has shared his thoughts on the FTC warning and the need for increased cyber security amid the Log4Shell vulnerability.

“About time. Hallelujah! The FTC warning about potential legal repercussions for companies that fail to address the Log4j vulnerability is long overdue. Not addressing Log4j is worse than leaving your doors and windows unlocked and inviting an intruder in to raid your shelves, because it puts the data so many organisations collect on individuals at risk as well. Log4j in particular is the most significant vulnerability in history. Not addressing it proactively IS the definition of negligence! If the threat of government penalties shakes people out of their complacency, that’s a win for everyone. Now let’s get to it.”

“While EternalBlue wrought significant attacks, such as WannaCry, the potential here is much greater because of the pervasiveness of Log4j across both infrastructure and applications. No single vulnerability in history has so blatantly called out for remediation.

“Log4Shell has been identified as one of the biggest cybersecurity risks we’ve ever encountered, yet many organisations still aren’t taking action. According to our data, 30% of organisations haven’t begun assessing their environments for Log4Shell, let alone started patching.

“Log4Shell will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent.”

 

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.
