Log4Shell: Established IT security management helps companies

The TÜV Association comments on the serious IT security vulnerability Log4Shell.


Marc Fliehe, Head of Digital and Cybersecurity at the TÜV Association, says about the serious IT security vulnerability Log4Shell:

"Examples like Log4Shell show how vulnerable digital infrastructures can be. The Log4Shell vulnerability is easy prey for criminal hackers because it is widespread, easy to find and easy to exploit. Attackers are already exploiting this vulnerability on a massive scale with partly automated processes. It is likely that business applications in particular will be affected."

"The Log4Shell vulnerability shows how important functioning IT security and emergency management is in addition to technical measures. In the event of an attack on the IT infrastructure or newly emerging security vulnerabilities, organisations can react quickly thanks to established processes, determine their own affectedness and initiate protective measures if necessary."

"It was right and important that the BSI published the information about the vulnerability. Sharing information about security vulnerabilities according to regulated processes strengthens information security. Therefore, as far as possible, all companies, authorities and other organisations should report IT attacks. An up-to-date situation picture is essential for all IT security managers."

The cybersecurity experts of the TÜV organisations offer, among other things, services for detecting IT security problems, and they help even when attackers have already been able to overcome the security measures.