The NCSC is advising organisations to take steps to mitigate the Apache Log4j vulnerability