Log4j requires ongoing monitoring
At the end of 2021, we were actively monitoring and responding to the Log4j vulnerability, which gave attackers a new way into systems and potentially affected businesses and organizations across the country. As with many previous cyber events, interest in the Log4j vulnerability has faded, but it remains a serious threat.
In December, Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), warned that the Log4j vulnerability was “one of the most serious that I’ve seen in my entire career, if not the most serious”.
2021 was a terrible year for cyber breaches. According to an article from GovTech, the number of cyber breaches by the end of the third quarter exceeded all of 2020 by 17%.
The response to the Log4j vulnerability highlighted the weaknesses of many credit union cybersecurity teams. These teams typically rely on tools that scan networks and look for signatures or patterns of threats that are already known. Most new threats are, by definition, not yet known, so a scanner that has not been told about a threat cannot find it. As organizations discovered that their tools had no detection for Log4j, they scrambled to improve them; that process played out over days and weeks as the industry analyzed and better understood how Log4j was being exploited, and many organizations were breached in the meantime.
Organizations with teams like ours benefited from the ability to operate as “threat hunters”: vigilantly monitoring threat feeds, working manually while the tools caught up, and responding by patching and locking down vulnerable systems. This type of response is required in today's active threat environment. Organizations can no longer rely on services that just scan and report; protection requires more investigation and manual intelligence, combined with expertise, tools and dedicated time to fight these threats.
The Log4j vulnerability demonstrated the threat that arrives through third-party products and services, and the importance of having a plan for selecting, reviewing and managing vendors. In some cases a vendor's systems need to be quarantined or removed from the network to protect the organization; in other cases the vendor needs to be pushed to develop protections. In our work with our credit union customers, we saw many weaknesses in communication with vendors. Organizations need to understand in advance what workarounds and continuity processes they will use should a critical vendor be lost because of a breach.
Credit unions are responsible for member data, and the scope of that accountability is much broader than it has ever been. Some organizations may have upwards of 30 vendors involved in the delivery of services, but all of them need to be managed and protected as if they were programs built in-house. While an organization may not own the servers and data used, it still bears the responsibility for delivery of service and protection of data.
Issues like Log4j will persist and get worse before they get better, and they highlight the inherent weaknesses that exist in the internet and in the use of open source code. The benefit of the internet is also its inherent weakness: we rely on a well-connected network of people, tools and machines from all over the world, and unless we unplug, we need to change how we operate and become more proactive about risk management.
Attackers are attempting to break into networks constantly, and the threats are only going to get worse. Because these threats are silent, it is easy for leaders to overlook their importance. Now more than ever, credit unions need to recognize cyber threats as a very real and immediate risk, and build a team of experts and partners who can proactively and vigilantly monitor and protect their assets and members.
For more information about digital transformation, cloud adoption and cybersecurity practices that improve member experiences while protecting member data, visit www.thinkstack.co or contact us at info@thinkstack.co.