The Internet security gap "Log4Shell" is currently alarming authorities, IT security providers and companies around the world.
They are feverishly trying to plug the gateway for malware in the widely used Java programming language that became public last weekend so that the IT systems can continue to run.
It is still not possible to estimate how great the damage is.
In the opinion of the Federal Office for Information Security, the threat situation could not be any greater: Red alert, according to the Bonn authority.
Attackers could take over systems completely via the vulnerability.
Aside from the acute danger and the specific economic consequences, it is already clear today that while everyone is still debating Log4Shell, hackers around the world have long been working on gaining access to computers, mainframes or data centers via other weak points.
If they manage to do that, they are attacking the backbone of a now largely digitized economy and way of life in industrialized nations.
If websites, apps or the offers of individual companies and authorities are temporarily unavailable after an attack, this is unfortunate for all those affected.
However, if basic utilities are the target, if hospitals, power grids or water utilities are hacked, entire states or regions can be in chaos.
Don't just protect the main digital entrance
Therefore: In the digital age, IT security concerns everyone. Nobody can evade this responsibility. First of all, this affects politics. The federal government made up of the SPD, Greens and FDP has just started an ambitious program for cybersecurity. Among other things, she wants to invest more money and assign the Bundeswehr a more active role in defending against digital threats.
This is necessary and, above all, speed is what counts. In addition, the government must draw even more conclusions from the fact that IT attacks can be used not only by criminals, but also by states. Whether state-commissioned hackers, for example from China or Russia, are behind individual attacks, can often not be conclusively proven. But those responsible should always be aware of the possibility. Accordingly, you should be careful with less well-meaning actors.
Companies also have to do more to avoid falling victim to IT attacks. Business spending on cybersecurity is rising to new record levels from year to year, but this year it amounted to a good 6 billion euros. But it is of no use to massively protect the digital main entrance with a one-off investment if attackers can gain access through a poorly protected window in an annex that is no longer in use. The defense against digital threats is an ongoing task and it costs a lot of money in the long term. The alternative to this is not only to risk sales and profits, but to possibly suffer reputational damage or even lose the foundation of the business altogether.
After all, citizens are also jointly responsible for IT security - as employees and as private users.
The Federal Office for Information Security points out the appropriate precautionary measures for each new security gap.
“Install updates as quickly as possible,” is one of them.
Or: “Use the strongest possible passwords.” For this purpose, two-factor authentication is recommended for Internet services; in addition to the password, users then have to enter a code sent to their cell phone.
The current debate about Log4Shell is a reminder that we should take such information seriously in everyday life.