LMG Security : Feb 8, 2022 12:00:00 AM
As we begin a new year, it’s time to reflect on the strengths and weaknesses of our cybersecurity posture. Now more than ever, it’s important to look at the big picture. The recent Log4j exploit serves as a reminder that supply chain security planning is a gap in many cybersecurity programs and one that requires increasing attention from executive teams. Why? The Log4j vulnerability is used in technology supply chain attacks — where criminals leverage a weakness in a technology supplier to access and breach any customer using a vulnerable product/service. A staggering number of organizations, systems, and services are vulnerable to this exploit. Organizations such as SAP, Apple, Tesla, VMware, Cisco, and many others scrambled (and are still scrambling — IBM is posting an almost daily list as it confirms which of its products are or are not impacted) to patch their software and roll out fixes for vulnerabilities in their products.
The Log4j exploit is especially concerning because Log4j is a commonly used Java-based logging library that is incorporated into many software programs — you may not even know if the products or software you use are impacted unless your supplier or partner tells you. With criminals leveraging exploits like this to worm their way into every integrated partner and connected environment in a supply chain, one breached partner can result in criminals breaching hundreds or thousands of environments.
The consequences from supplier exploits just increased with the FTC’s recent warning that organizations must take reasonable steps to secure customer data from Log4j and other known vulnerabilities or face potential legal action. In today’s digital world where every organization uses myriad software programs, web apps, and cloud platforms — and may even directly integrate with partners’ systems — partners and vendors are a crucial part of every organization’s cybersecurity.
Due to the interconnected nature of the supply chain, we all have to work together to reduce supply chain risks. So how can we all limit our exposure?
Vetting your vendors can seem like a daunting challenge, but by taking an efficient, methodical approach you can make it manageable. Whether you conduct vendor vetting in-house, outsource it, or automate it with the support of software programs, this is a crucial part of reducing your risks. Remember: aim for progress, not perfection. Focus on documenting your processes, creating templates, and establishing more consistent vendor security review routines. Here are a few key tips for breaking the problem down into manageable pieces:
We hope you found these tips helpful to start or grow your supply chain security program. With supply chain attacks offering the opportunity to breach numerous environments, criminals will continue to seek and exploit this method of attack. If we all work together, we can strengthen our collective cybersecurity posture in 2022.
At LMG, our singular focus is on providing outstanding cybersecurity consulting, technical testing, training, and incident response services. Our team of recognized cybersecurity experts has been covered on the Today Show and NBC News, as well as quoted in the New York Times, Wall Street Journal, and many other publications. In addition to online cybersecurity training, LMG Security provides world-class cybersecurity services to a diverse client base located around the United States and internationally.