The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.
The year 2021 was unprecedented in the strain it placed on cybersecurity professionals. From the beginning of the year through now, incident responders and network defenders have been whipsawed by a seemingly endless array of unparalleled back-to-back security emergencies. In the words of researcher Kevin Beaumont, “We’ve reached peak cyber for 2021. Please stop cybering.”
The year started with wide-scale remediation efforts stemming from the late-2020 discovery of the state-sponsored Nobelium cyber-espionage campaign that exploited SolarWinds’ widely used Orion platform. Amid the SolarWinds clean-up, security teams had to then grapple with the exploitation of four zero-day vulnerabilities in the Microsoft Exchange Server that sparked a global wave of hacks and breaches. Ransomware gangs accelerated their attacks on healthcare, education, and business organizations, culminating in significant incidents that brought down leading U.S. oil pipeline company Colonial Pipeline and the North American operations of a major meat supplier, JBS.
Thrown into this mix of high-profile incidents were dozens of other ransomware attacks, hacks, and espionage efforts affecting government bodies, healthcare providers, educational institutions, political organizations, and human rights workers across the globe. The Biden administration responded with a series of executive orders, directives, and new requirements for government agencies and critical infrastructure providers to turn the tide of the unrelenting digital malfeasance. At the same time, Congress stepped in with legislative measures to bolster the nation’s cybersecurity posture.
This article appeared in CSO Online. To read the rest of the article please visit here.