TheCorporateCounsel.net

December 22, 2021

More Cyber Threats: The Vexing Log4Shell Problem

I may be slow on the uptake here, but I just started wondering what the heck is going on with my telephone that has not been working for the past week or so. Apparently, my telephone is one of many casualties of the “Log4Shell” vulnerability, which has been wreaking havoc across the technology world for almost two weeks now. As Emily notes over on the Mentor Blog, Log4Shell is a piece of ubiquitous code that TechCrunch has called the “bug that’s breaking the internet.”

Now, having been someone who lived through the infamous Y2K vulnerability, which was billed as potentially ending modern civilization as we know it, I tend to take that sort of statement with a big grain of salt. However, as we grind through this holiday week, the last thing we need is for the Log4Shell problem to continue to gather steam and give us something other than the Omicron variant to worry about. The Mentor Blog notes these critical steps that companies should take, as highlighted in this recent DLA Piper memo:

  • Legal team to communicate with vendors and service providers to determine whether Log4j software is used in their products, whether Log4j software has been patched, whether Log4Shell has impacted their systems/services/products and if so, the status of remediation. Review vendor contracts for notice rights and indemnity obligations and take appropriate action to preserve contractual and other remedies
  • Legal team to print a hard copy of the cyber insurance policy
  • Legal and InfoSec teams to print hard copies of the incident response plans and playbooks and notify members of the incident response team to be on standby in the event they need to be activated
  • If InfoSec team detects unauthorized activity, activate IR plans and get legal involved to conduct privileged investigation
  • Legal and InfoSec teams to stay current on Log4Shell threats.

Note that we have plenty of other resources addressing cybersecurity threats available in our “Cybersecurity” Practice Area.

– Dave Lynn