<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1594118447410323&amp;ev=PageView&amp;noscript=1">

Disclaimer

You are now leaving the Independent Bank website.

Linked web pages are not under the control of Independent Bank, its affiliates or subsidiaries. Be aware the privacy policy of the site to which you are going may differ from that of Independent Bank. Independent Bank provides external links as a convenience and is not responsible for the content, accessibility, or security of any linked web page.

Click “OK” to continue or “Cancel” to go back

Ok Cancel
x

Disclaimer

You are now leaving the Independent Bank website.

Linked web pages are not under the control of Independent Bank, its affiliates or subsidiaries. Be aware the privacy policy of the site to which you are going may differ from that of Independent Bank. Independent Bank provides external links as a convenience and is not responsible for the content, accessibility, or security of any linked web page.

Click “OK” to continue or “Cancel” to go back

x Want to chat? How can we help you? open chat
Menu
Search
Locations
Login

Log4j Security Vulnerability

Tips and tricks to keep your business protected. 

You may have heard about the log4j (pronounced Log Forge) security vulnerability — one of the most widespread cybersecurity vulnerabilities in recent years.

 

What is it? 

 

It's a vulnerability that was discovered in a piece of free, open source software called log4j. This software is used by thousands of websites and applications to perform mundane functions most people don't think about, such as logging information for use by that website's developers, for debugging, and other purposes.  This open-source software was made available to the public-at-large at no charge by Apache, a non-profit software foundation.

 

Every web application needs functionality like this, and as a result, the use of log4j is very common worldwide. Unfortunately, it turns out log4j has a previously undiscovered security vulnerability where data sent to it through a website, if that data contains a special sequence of characters, results in log4j automatically fetching additional software from an external website and running it. If a cyber-attacker exploits this, they can make the server that is running log4j run any software they want — including software that can completely take over that server. This is known as a Remote Code Execution (RCE) attack.

 

The net result is that, left unaddressed, cyber-attackers can completely take over thousands of websites and online applications, allowing them to steal money, data, and access. 

 

The good news is that mitigations are relatively easy to implement. The bad news is that left unmitigated, the vulnerability is extremely easy to exploit. iCloud, Amazon, Cloudflare, VMWare,  and many other sites and solutions have been confirmed to be vulnerable so far, and you'll likely hear more about many other sites being vulnerable in the coming days and weeks. System vendors are continually releasing updates that need to be reviewed and applied. 

 

What should you do? 

 

Ensure that your IT staff and partners are aware of this vulnerability and aggressively working to identify vulnerable software and remediate them quickly, placing priority on public-facing systems. Contact your vendors for a status of their efforts to mitigate this vulnerability and reduce the risk to your data in their custody. Monitor for announcements with information identifying additional software vulnerable to log4j as well as new patches available for your systems.

 

Watch for any indications that your systems and data have been compromised. Be prepared to respond to threats from both the technical and business perspective.

 

What are we doing?

 

We have been focused on this vulnerability since its public announcement.  Our IT Operations Team is implementing controls including updating our servers running log4j as quickly as possible to protect against this vulnerability.  We are also working closely with our vendors to ensure that they are placing as high of a priority on remediating this vulnerability as we have, tracking their progress, and documenting their ultimate remediation.