Cybersecurity Private Equity

A New Disturbing Vulnerability & the Future Challenges of Cybersecurity [Weekly Cybersecurity Brief]

As we begin to look to 2022 and prepare ourselves for what the new year may bring for the cybersecurity industry, 2021 is sending a strong reminder that it is still here. A newly uncovered vulnerability has sent experts into a scramble to learn more and prevent further damage.

Last Friday, cybersecurity officials began warning of “a critical logging vulnerability that could potentially impact thousands of organizations, racing to implement patches before hackers can exploit the opening,” as Maggie Miller of The Hill described. The vulnerability, known as “Log4j,” opens up an opportunity for hackers to take advantage of systems remotely and was discovered in Apache software. Apache has since issued a security advisory outlining the threat and next steps. Among the entities that have announced potential exposure to the Log4j issue is the online game Minecraft. It was also found that Apple’s iCloud, Twitter and Amazon may have been affected. The Cybersecurity and Infrastructure Security Agency (CISA) has directed such organizations to act right away to implement mitigations, especially as experts worry about the wide reach this vulnerability may have.

In addition to the U.S., other countries have sounded the alarm over Log4j. A team based in New Zealand put out a statement that it was being “actively exploited,” according to The Hill. Germany also joined the list of those putting out alerts. As Reuters reported, Germany’s federal cybersecurity watchdog, the BSI, stated that it is “aware of world- and Germany-wide mass scans as well as attempted compromises. Initial successful compromises are also being publicly reported.” The BSI recommended that all organizations using systems including Log4j follow the measures outlined for patching potential exposure.

While this occupies the cybersecurity field, we must also look at the issues that will carry over into the new year. A major focus, as Entrepreneur recently summarized, will be ransomware. The outlet pointed out that ransomware attacks are predicted to cost 299 billion per year by 2030, and sectors like government, healthcare and education are likely to remain targets. But that’s not the only problem 2022 has in store. Entrepreneur also listed website cloning as a trend with potential growth going forward and predicted that the “Great Resignation” may continue to widen the cybersecurity skills and employment gap.

Key Takeaways:

“Officials, experts sound the alarm about critical cyber vulnerability” – Maggie Miller, The Hill

https://thehill.com/policy/cybersecurity/585370-officials-experts-sound-the-alarm-about-critical-cyber-vulnerability

  • Cybersecurity officials have warned of a critical vulnerability known as “Log4j.”
  • Log4j opens up an opportunity for hackers to take advantage of systems remotely and was discovered in Apache software.
  • Organizations potentially impacted include the online game Minecraft, Apple’s iCloud, Twitter and Amazon.

“German cybersecurity watchdog issues red alert warning on software” – Reuters

https://www.reuters.com/technology/german-cybersecurity-watchdog-issues-red-alert-warning-software-2021-12-12/

  • Germany has joined the list of countries issuing alerts for Log4j.
  • As Reuters reported, Germany’s federal cybersecurity watchdog, the BSI, stated that it is “aware of world- and Germany-wide mass scans as well as attempted compromises. Initial successful compromises are also being publicly reported.”
  • The BSI recommended that all organizations using systems including Log4j follow the measures outlined for patching potential exposure.

“Cybersecurity challenges in 2022: are we ready to stop cyberattacks?” – Víctor Ruiz, Entrepreneur

https://www.entrepreneur.com/article/402132

  • As Entrepreneur reports, ransomware will continue to act as a major cybersecurity concern in 2022.
  • Ransomware attacks are predicted to cost 299 billion per year by 2030.
  • It is also predicted that activity around website cloning will keep increasing, and the cybersecurity job market will continue to face shortages.
