Organisations urged to take action to prevent 'log4shell' cyber attacks

The Scottish Business Resilience Centre (SBRC) has urged organisations across Scotland to update their computer systems to avoid a potential hack that was identified at the beginning of this month.

It is feared that a flaw detected in open-source software Log4j, which is widely used to record activity on apps and websites, could be exploited by hackers and cyber criminals to steal sensitive data. Dubbed log4shell, the flaw was discovered by the developers behind Log4j on 9 December.

SBRC chief executive Jude McCorry said all businesses across Scotland could be at risk of a cyber attack due to the flaw. She urged them to ensure all software, devices – including personal devices such as phones - and servers have been updated.

“While the impact of log4shell is yet undetermined, organisations could still be in the dark if they even use Log4j in their systems,” she said.

“All organisations must consider themselves at risk of this global vulnerability until it has been confirmed that they are not. There is no time to waste here; the SBRC is calling on all businesses to take action now to avoid potentially catastrophic results.

 “It is not just work devices that are on the line – personal devices are also at risk and so must be part of the updating process. Acting now and looking into other services that are used – including third-party software – will help to provide peace of mind.

“Given the meteoric rise in cyber incidents this year, individuals and organisations must turn to trusted sources to keep up to date on credible threats to operations like this.”