Cybersecurity risk is no longer just a technology risk: it is far bigger. And the perfect storm is happening now.
According to The Indian Express, “the Log4j vulnerability–first reported on Friday– is turning out to be a cybersecurity nightmare that likely impacts a wide range of products from Apple’s iCloud to Twitter to Microsoft’s Minecraft and a number of other enterprise products.”
The scope of the issue is huge
In a phone call with CNN, Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said this week:
“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious.”
The Indian Express adds: “the vulnerability is also dubbed Log4Shell and was first highlighted by researchers at LunaSec.
The issue was discovered in Microsoft-owned Minecraft, though LunaSec warns that “many, many services” are vulnerable to this exploit due to Log4j’s “ubiquitous” presence.
The reason is that this particular open-source Java library is used in almost all major Java-based enterprise apps and servers across the industry.”
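Because Log4j is pulled in as a transitive dependency and shipped inside other vendors’ archives, the first practical step for any organization (and any supplier it depends on) is an inventory: which deployed Java artifacts actually contain log4j-core, and at which version. The scanner below is an added example written for this page, not code from the article, LunaSec, or the Log4j project. It walks a directory, opens every .jar/.war/.ear, descends into archives nested inside archives (a WAR bundling jars under WEB-INF/lib is the common case), reads the Maven pom.properties that log4j-core carries, and flags versions in the 2.0-beta9 through 2.14.1 range affected by Log4Shell; it also reports whether JndiLookup.class is still present, since deleting that class was a widely used stop-gap. The sample WAR it builds is constructed in memory with placeholder contents and is not a real Log4j artifact.

```python
"""Inventory scanner for log4j-core inside Java archives (added example)."""
import io
import re
import sys
import zipfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Maven metadata that log4j-core ships inside its jar; gives the exact version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The class behind the JNDI lookup; its removal was a common interim mitigation.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
MAX_NESTING = 5  # guard against pathological zip-in-zip-in-zip nesting


@dataclass
class Finding:
    location: str            # path, with '!' separating nested archives
    version: Optional[str]   # from pom.properties, None if the metadata is absent
    jndi_lookup_present: bool
    in_log4shell_range: bool


def parse_version(text: str):
    """'2.14.1' -> (2, 14, 1, ''); '2.0-beta9' -> (2, 0, 0, 'beta9'); None if unparsable."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9.]+))?$", text.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), (m.group(4) or "").lower()


def in_log4shell_range(version: Optional[str]) -> bool:
    """True for log4j-core 2.0-beta9 through 2.14.1, the releases affected by Log4Shell."""
    parsed = parse_version(version or "")
    if parsed is None:
        return False
    major, minor, patch, pre = parsed
    if major != 2 or (minor, patch) > (14, 1):
        return False
    if (minor, patch) == (0, 0) and pre.startswith("beta"):
        # 2.0-beta1..beta8 predate the JNDI lookup; beta9 and later are affected.
        digits = re.sub(r"\D", "", pre)
        return int(digits or 0) >= 9
    return True


def scan_archive_bytes(data: bytes, location: str, depth: int = 0) -> List[Finding]:
    """Scan one archive (as bytes) and every archive nested inside it."""
    findings: List[Finding] = []
    if depth > MAX_NESTING:
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container; nothing to inspect
    with zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        jndi = JNDI_LOOKUP in names
        if version is not None or jndi:
            findings.append(Finding(location, version, jndi, in_log4shell_range(version)))
        for name in sorted(names):  # recurse into bundled jars (e.g. WEB-INF/lib/*.jar)
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(scan_archive_bytes(zf.read(name), f"{location}!{name}", depth + 1))
    return findings


def scan_tree(root: Path) -> List[Finding]:
    """Walk a directory tree and scan every archive found in it."""
    findings: List[Finding] = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(scan_archive_bytes(path.read_bytes(), str(path)))
    return findings


def build_sample_war() -> bytes:
    """Constructed sample: a WAR bundling a fake log4j-core-2.14.1.jar and an unrelated jar."""
    core = io.BytesIO()
    with zipfile.ZipFile(core, "w") as jar:
        jar.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion=2.14.1\n")
        jar.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder bytes, not real bytecode
    other = io.BytesIO()
    with zipfile.ZipFile(other, "w") as jar:
        jar.writestr("com/example/Unrelated.class", b"\xca\xfe\xba\xbe")
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as w:
        w.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", core.getvalue())
        w.writestr("WEB-INF/lib/other-lib.jar", other.getvalue())
    return war.getvalue()


if __name__ == "__main__":
    # Usage: python scan_log4j.py /path/to/deployments   (no argument scans the built-in sample)
    results = scan_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_archive_bytes(build_sample_war(), "sample.war")
    for f in results:
        print(f"{f.location}: version={f.version} log4shell_range={f.in_log4shell_range} "
              f"JndiLookup={f.jndi_lookup_present}")
```

The version range is the only piece of knowledge encoded; treat a hit as “needs review”, not proof of exploitability, since a fixed JndiLookup-stripped 2.14.1 and a stock 2.14.1 report the same version but differ on the JndiLookup column. Vendor-shaded jars that repackage Log4j under another package name will not carry the pom.properties path above and need a class-name scan instead.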
The ripple effect reaches far beyond any one company’s walls
It’s not just your infrastructure that’s susceptible. Your upstream and downstream suppliers, the ones you count on to keep your organization running smoothly, are being hit as well. In other words, the companies you rely on to generate revenue, to meet quarterly earnings or to meet your customers’ expectations are equally exposed to this vulnerability.
So, if any one supplier’s systems are at risk, and its focus has shifted away from delivering goods and services to your organization, what happens if 10, 100 or 1,000 of your suppliers are facing the same problem?
Do you know how big a problem this could be? Do you know how long this will last? Do you know the extent to which this could impact your business?
Supply Chain Risk with a side of cybersecurity and a dash of ESG Social Capital
We used to see cybersecurity somewhat narrowly as a form of technology or operational risk. Then our focus shifted to understanding the impact on our customers’ data security and the obligations we have to protect their data (GDPR and CCPA are the most common examples of these obligations).
Now, the interconnectedness of the technology world has intersected with our supply chains and our sustainability (ESG) policies.
Redefining Supply Chain Risk for Public and Private Corporations
The traditional approach to managing risk within the supply chain had much to do with examining supplier dependencies and their operational performance.
Do I have too many eggs in one basket? Does that create potential supply chain vulnerabilities for my organization? Are they financially stable enough to maintain the supply of goods and services that we rely on?
We see a broader definition emerging, one that builds upon those still-useful perspectives to include new aspects of risk that are very real. We think these two questions need to be addressed:
- Have I developed an effective ESG policy (inclusive of a robust cybersecurity solution) that will allow me to attract future investment from a market that is exceptionally ESG-focused? Can I address Social Capital concerns amongst the many sustainability issues that investors expect us to address?
- Have I evolved my supply chain analysis (and vendor requirements) to put sufficient focus on cybersecurity as a proven and ongoing threat? Do I know how vulnerable my operation is on the basis of the security threats that my suppliers are most susceptible to?
The massive impact of Log4j
The chart below illustrates the top 12 countries globally by the number of private companies per country that may be at risk. Not surprisingly, the list consists of developed countries, led by the US and UK.
What is potentially concerning is the global distribution, by industry sector, of companies that use Apache software and Java (a proxy for Log4j exposure: not every Java deployment bundles Log4j, so these counts indicate possible rather than confirmed exposure). Retail companies lead the list; however, there are over 400,000 NGOs and non-profits that may also be at risk. This indicates that the Log4j vulnerability can affect NGOs’ humanitarian missions and other infrastructure projects, such as health, water and food, that are critical for many individuals.
Better Insight is Available…and Soleadify can help!
Our data solutions are designed to provide accessible insights into what makes businesses tick. We see across entire geographic markets and key economies and drill down to the individual company level for over 70 million organizations around the globe. We have developed ESG solutions for third-party risk assessments, and we couple those with a deep, proven understanding of the technology those companies use to power their business.
Together, our B2B insights can help you address the complex, intertwined risks that companies are experiencing more than ever. We can specifically help you:
- Understand technology dependency and potential vulnerabilities within your supply chain and third-party vendors.
- Identify and monitor reputation risks within your supply chain.