In a recent post, the Federal Trade Commission warns of potential legal consequences for organizations that do not “mitigate known software vulnerabilities”. In the wake of the recent Log4j exploits, the post noted that the vulnerability poses a severe risk to millions of consumer products, enterprise software and web applications, and that failure to take action to mitigate it could be considered an FTC violation.

The statement cites the FTC and Gramm-Leach-Bliley Act (GLBA) as part of the laws implicating the “duty to take reasonable steps”, and it has many organizations concerned about how to move forward and protect data against future vulnerabilities.

While some may consider this statement a first step toward being proactive, the actions also speak to the significance of cybersecurity posture and the onus placed on businesses to maintain it.

Citing Cybersecurity & Infrastructure Security Agency (CISA) guidance steps, the FTC recommended (Read more...)