A security vulnerability at the heart of an open-source piece of software tool is turning into a real concern for the digital economy. The issue seems to affect a tiny but ubiquitous tool known as Log4J that’s part of every tech product released in recent years. If exploited, billions of users across the world could be vulnerable through their devices.
Here’s what you need to know about the Log4J crisis and the one stock that should be on your radar as this issue is tackled.
What is Log4J?
Without getting too technical, here’s an overview of the problem. At the heart of millions of consumer and enterprise apps is a tool called Log4J. This tool helps the applications follow commands. Essentially, it helps the applications execute a log of commands that come from either a user or another application. Think of it as a to-do list for your app.
Now, some hackers seem to have figured out a way to change this log and ask an app to do anything they wish. This vulnerability is officially called “Log4Shell.” Cybersecurity experts claim that on a scale of one to 10 in terms of severity, this is a 10! It affects every piece of software and even hardware you use.
So far, attackers have used this simple hack to ask apps to do things like mine cryptocurrency or mess around with settings. But an attacker with the right skills and resources can do much more damage.
Tech giants such as Microsoft and Apple claim they have already patched the vulnerability. Meanwhile, Apache Software Foundation, the company that developed the Log4J tool has also created an update that fixes the issue.
However, millions of other apps that haven’t updated or patched this vulnerability are still at risk. Experts believe small- and medium-sized businesses will have to spend some time and money over the next few weeks upgrading their software to avert attacks.
The vulnerability should help companies of all sizes take cybersecurity more seriously. Investors can expect more capital to flow into this sector over the next few years.
Bet on cybersecurity
Security issues like Log4j should encourage more investments into enterprise-grade defence software. Unfortunately, we don’t have a lot of cybersecurity stocks in Canada. But investors can bet on the Evolve Cyber Security Index ETF (TSX:CYBR).
The fund invests in cybersecurity leaders across the world. Although it is listed in Toronto, 70% of its holdings are in the U.S., while another 20% is in Israel, Japan and China.
This ETF offers Canadian investors a quick and convenient way to bet on the growth of this sector. Corporations recognize the fact that they’re in an arms race against cyber attackers with sophisticated tools. Their budget for defence may need to expand in the years ahead. The performance of cybersecurity ETFs like CYBR could reflect this expansion.
Keep an eye on this stock.