The highest number of supply chain attacks of 2021 took place in December, with one of the most detrimental being the Log4j vulnerability. Commonly used by apps and services across the internet, Log4j is an open-sourced logging library within a development language called Java. The vulnerability meant that threat actors had the ability to remote execute code and take control of anything that was making use of its components. The attack required very little expertise to execute, making Log4j one of the most severe vulnerability seen in recent years. Left unresolved, attackers could break into systems, steal sensitive data and infect networks with malicious software. A significant danger of these attacks was their ability to go undetected for months. Consequences for an organisation or it’s third-parties suffering an attack would range from operational delays to corporate or government surveillance, including the potential loss of data.
Companies across most industries had to undergo a number of processes in order to assess whether any of their systems were vulnerable. They had begun with checking whether their own systems used Java, and if so, whether these systems were internet facing, which would make them more accessible to exploitation. After this activity commenced a mass-coordination event in which organisations were advised to contact all of their suppliers to assess their vulnerability. At Brooklyn Solutions, most of our clients have thousands of suppliers whom they had to rapidly assess on scale and on mass.
One of our clients, a major retail firm, was made aware of Log4j and its potential risk to hundreds of suppliers. Using Brooklyn Solutions, this client rapidly remediated risk from the Log4j vulnerabilities for the wider vendor tail, where it’s suggested that over 60% of technology suppliers use Log4j as an indirect dependency. The Brooklyn platform fast-tracked a vendor consolidation exercise that would have usually required vendor managers to separately contact each supplier, as well as follow up on their individual responses.
Read the full Case Study to discover our Step-by-Step Process to reducing risk against CyberSecurity threats to our customer’s supply chain.
Do you want to protect your organisation from future cybersecurity threats? Request a demo or get in touch with our team of expert.