A potential hack was identified earlier this month
Credit: Gerd Altmann/Pixabay
The Scottish Business Resilience Centre (SBRC) has urged organisations across Scotland to update their computer systems to avoid a potential hack that was identified at the beginning of this month.
It is feared that a flaw detected in open-source software Log4j, which is widely used to record activity on apps and websites, could be exploited by hackers and cybercriminals to steal sensitive data. Dubbed log4shell, the flaw was discovered by the developers behind Log4j on 9 December.
SBRC’s remit is to help businesses around the country meet the risks posed to them by all kinds of threats, including cyber dangers. Its backers include the Scottish Government, as well as police, fire and rescue services, and representatives of various industry bodies.
Related content
- How government, police and business are working together to protect Scotland
- Digital sector accounts for one in five workers in Scotland’s major cities
- Scotland backs cyber skills push
Chief executive Jude McCorry said all businesses across Scotland could be at risk of a cyberattack due to the flaw. She urged firms to ensure all software, end-user computing devices, and servers have been updated.
“While the impact of log4shell is yet undetermined, organisations could still be in the dark if they even use Log4j in their systems,” she said. “All organisations must consider themselves at risk of this global vulnerability until it has been confirmed that they are not. There is no time to waste here; the SBRC is calling on all businesses to take action now to avoid potentially catastrophic results.
McCorry added: “It is not just work devices that are on the line – personal devices are also at risk and so must be part of the updating process. Acting now and looking into other services that are used – including third-party software – will help to provide peace of mind. Given the meteoric rise in cyber incidents this year, individuals and organisations must turn to trusted sources to keep up to date on credible threats to operations like this.”
