In the early days of December, 2021, it was announced that an important software used by developers to keep logs and records of their development on a software has a vulnerability that allows hackers to access it even remotely. LOG4J is the software hence the name LOG4J Vulnerability. This Vulnerability is ravaging windows and Linus operating systems.

Since then a lot of work has been done to introduce several patches to secure different softwares. However, despite all these patches, there have been reports in different parts of the world of breaches arising from the vulnerability.  VentureBeat has reported a couple of attacks as result of the LOG4J Vulnerability which include Dridex, a malware that attacks financial institutions as reported by Cryptolaemus security research group. VentureBeat also reported that a Belgian defense ministry experienced a cyber attack which was traced to the same vulnerability.

 In addition, Akamai Technology said that “certain aggressive attackers are performing a huge volume of scans, targeting Windows machines” by leveraging the vulnerability in Log4j. Uptycs Researchers have also reported the possibility of LOG4J being used to deliver botnet malwares. Checkpoint in a blog post also reported that it has discovered over 60 variations of attack arising from vulnerability listing Bitcoin mining as top of the software experiencing the vulnerability. It also reported that an Iranian state-backed hackers used the same to attack Israeli government and businesses.

Due to the above uprising, it follows that Nigerian businesses should be proactive in dealing with these issues as they are not exempt from receiving the gift of Santa Claus being shared in cyberspace.

In this article, I will analyse the basic steps Nigerian businesses can take to stay proactive in this time.

Assessment of Software

It will be dangerous to assume your company is safe when you are not sure of the tools your developers use. Ensure that the developers conduct an assessment of all the software they use and run security tests on all of them. Check all software for scanning activities and any other sort of exploitation. Majorly, Linus and Windows are easily affected by the vulnerability but at this time it is important to do a general assessment and penetration test on all platforms.

Update Software

Several patches have been introduced by security engineers. Get updates to the patches and install patches to all affected software. Of course it is important to note that there will be several patches in the black market, it will be dangerous to just install anything. Contact your trusted software producers for updates on their software. Ensure your Infosec team (if you have any) conduct tests on all patches to be installed.

Conduct Cybersecurity Awareness

It is often said that a strong firewall is useless if the human wall is weak. Although it is the holiday season, it is of utmost importance to conduct Cybersecurity Awareness for all employees including the developers in the company. This will help all employees contribute to the safety of the company. A chain is as strong as its weakest link.

Report Data Breach

In the event you discover that a breach has occurred and personal data has been breached, report the same to NITDA. Although the Nigerian Data Protection Regulation is silent on reports of data breaches, the Implementation Framework for the Nigeria Data Protection Regulation compels you to report such data breach within 72 hours of discovering the breach. It is also important to inform data subjects where the breach will lead to high risks to the data subject.

Review InfoSec Policies

This is a time to conduct a review of all internal InfoSec Policies. Also, reemphasize the need for employees to follow all cyber security steps put in place in the policies. Policies are not meant to sit on the computers but to guide everyone in the company on compliance with Data and cyber security measures. So as you review the policies, ensure enforcement of the same.

Implement Protective network monitoring and blocking

It is suggested that businesses think about detecting exploitation attempts, and some may want to adopt defensive blocking at the HTTP or packet layers. Web Application Firewalls (WAFs) users should make sure there are rules in place to guard against this issue. Blocking URLs containing strings like “jndi:ldap” is one example. Variants of the exploit string may be able to get around current WAF regulations. As a result, WAFs should not be used as the sole control.

Businesses that understand how their servers handle typical outgoing connections may want to be sure they’re blocking unexpected outbound connections as well (particularly LDAP, LDAPS and RMI, however exploits may work over arbitrary ports). Blocking outbound connections without first knowing why they are needed may prevent exploitation, but it may also cause services to fail if they rely on them.

Conclusion

Due to this LOG4J Vulnerability, a lot of attacks and breaches may occur on the coming months. It is advised that businesses, more than ever before, sensitize their customers on how to react to phishing emails, texts and vishing calls. Board members and executive officers are also advised to ensure that their employees are putting in all proactive measures to ensure that their company is safe from the LOG4J Vulnerability. When data is shared with third parties, it will be necessary to contact such and ensure they put in place security infrastructures that will ensure that data breach is prevented. In the end, a cyber security culture is the most important for all businesses at this time.

First, I would like to point out that I have used the term CEO in a very loose form to represent the general perception of a CEO lifestyle, where one is boss to everyone and accountable to no one.

In the first year or couple of years of your business operation, there are a lot of things you will be doing as the founder, but none of them includes playing Boss. If anything, you will in fact take on any and every role to fill every vacuum. It is not uncommon to find the founder acting as a marketer, business developer, sales manager, accountant, secretary, and so on. Without taking on any of the titles, the founder will carry out all the functions in the beginning, and only let them go when he employs others with time.

Even after employing others, most successful entrepreneurs will tell you that in the first couple of years, they had to sit in the same room and work with the other employees. It is at this stage that you walk into an office and cannot differentiate the founder from the rest of the employees. And indeed, this is what it should be.

“I’m a boss, I get to do what I want to do and I can come in whenever I want and close whenever I want and I don’t have to answer to anyone. No one tells me what to do…”

As a founder and entrepreneur, this is the exact mindset you do not need. In fact, if you do your recruiting right, you should get some life-saving suggestions and insights from your employees but if you decide to act like a boss instead of an employee, you would be taking the quickest route to failure.

As the founder, you have the employees accountable to you. The next question is who are you accountable to? Who will make sure you attend your meetings, meet deadlines, and do all you have on your to-do list?

Some CEOs and founders will tell you that their Personal Assistants or Executive Assistants are like the bosses they have to answer to. They draw up the itinerary, schedule meetings, oversee operations, and make sure that the CEO shows up and does all he is supposed to. Although they are assistants, they are often critical parts of the business and keep the CEO on his toes.

The word ‘entrepreneur’ is not synonymous with ‘boss. As a founder, if you don’t hold yourself accountable and you don’t have someone who does, you will fail.

Be focused on selling your product and idea first. Know what is going on with sales, or else your business might hit the rocks. you should know how to connect with the customers instead of playing Boss. Don’t try to be too much of a business owner, but focus on trying to sell and make money based on your selling abilities

That dream life of a CEO will come anyway, but trying to live the dream too early can kill the dream. The dream life of an entrepreneur based on social media perception can be late mornings, dishing out the orders and taking no one’s suggestions but yours; but if you choose to toe this path in your business, you can well expect a crash soon.

Let’s meet at Abia State special day on Dec 30. Let’s renew the spirit of the Aba women of 1929 through entrepreneurial capitalism. Let’s scale the mercantile spirit of Arochukwu people. Let’s expand the trading sagacity of the Bende people. Let’s elevate the enyimba spirit of Ngwaland.

Let’s drum up the enterprising spirit of the Ukwa people. Let’s pursue new knowledge  like the Isuikwuatos and Umunneochis. Let’s build as the Umuahias. Let’s visit foreign lands and close deals like Ohafias.

From the east of Abia to the west, from the north of Abia to the south, boys and girls, men and women, the old and the young, are looking for a new rebirth and restoration of the state. We’re God’s Own State and indeed we need to make Abia this earthly paradise.

I will be speaking to deliver the message for our beautiful state. Join me on Dec 30 before the icons, merchants, titans, and leaders of our state. I want to see the innovators back. We built the old Aba – and we can rebuild Abia state.

Ndi Abia, let’s begin and get it done.