Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a widely-used logging library “is one of the most serious I’ve seen in my entire career, if not the most serious.”
“We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” she said of the Apache Log4j flaw. The issue is an unauthenticated remote execution vulnerability that could allow an intruder to take over an affected device.
Hundreds of millions of devices are likely to be affected, said Jay Gazlay of CISA’s vulnerability management office in the [same] call –as reported by Tim Starks, cyberscoop.com, Dec. 13, 20211
Because of how widespread this vulnerability is, affecting everyone from Microsoft to Apple to Amazon to Google (in fact it affects millions of pieces of software2), it is time to make sure your business is as protected as possible. You may not hear bullets, but that doesn’t mean we not are in a war. This war aims to destabilize mostly the United States. The Financial Times reported that of the 1.2 million attacks launched in the past week, the attackers included Chinese-state-backed hackers.3 Will your business and its employees be casualties?
Business Continuity Is the Defense
Business continuity is the planning and process by which organizations maintain operation, not severely disrupted by a disaster or other unwanted incident. In other words, it’s being prepared to survive. Digital lives are complex: cloud-based servers, internet-accessed security cameras, workstations, phones, etc. And on each of these resides software of diverse kinds and functions. So for it to be effective, security must start with a thorough understanding of your as-is state that will lead to a plan for how to minimize your exposure to threats.
Among the tools that fulfill the plan are firewalls, permissions, policies, anti-malware, email threat protection, security awareness training for users, patch management, Dark Web monitoring, Microsoft 365 and G-Suite backup and Backup and Data Recovery.
Attacks on Servers
This month saw two significant outages at Amazon Web Services (AWS), the largest cloud services provider. If your business experiences a ransomware attack and you’re backed up to a cloud vendor that’s down, what now? This is why Bryley approaches Backup and Data Recovery using a 3-2-1 strategy that distributes your backed-up data so that you’re not limited to a single vendor. In the 3-2-1 model you have three copies of your data on two different types of media and at least one of those versions is stored off-site and at least one is stored locally. Bryley can also provide spin-up from a backup – so you can be up-and-running again fast.
Bryley designs backup programs in which the elements work harmoniously and seamlessly to provide reliable data backups, fast and easy restoration of business productivity and secure off-site backups.
An Approach Required by the Department of Defense and Several Industries
Bryley follows the NIST SP800-115 guideline for information security. Bryley uncovers organizational and regulatory gaps. And Bryley’s reporting provides a map for adhering to industry best practices and achieving organizational and regulatory compliance. Bryley’s Compliance Readiness assessments help organizations meet the requirements of HIPAA, CMMC and PCI DSS.
Also as cybercrime surges, insurers are buckling down on requirements for insurability. According to one underwriter, it’s not that insurers are not paying claims, but that after an incident they assess the insured and insist on additional measures in order to continue to cover the business.
Lock the Doors
As Sarah Guo explained at the WSJ Tech Forum, code is being written at a speed far beyond our ability to securely keep up.4 And there are malicious actors who have possibly already found a way in. These are things to take seriously by assessing, understanding the gaps and figuring out how to plug any possible entry-points. Approach your digital security like your business’ life depends on it.