(ISC)² Poll Exposes Hidden Toll of Log4j on Cybersecurity Readiness
Alexandria, Va., February 22, 2022 – (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today published the results of an online poll examining the Log4j vulnerability and the human impact of the efforts to remediate it. Cybersecurity professionals from around the globe shared their experiences and opinions, revealing the severity and long-term consequences of the Log4j attack for both security teams and the organizations they protect.
Key findings from the poll include:
- Industry professionals across the globe responded swiftly following the December 2021 disclosure of Log4j; nearly half (48%) of cybersecurity teams gave up holiday time and weekends to assist with remediation
- 52% of respondents said their team collectively spent weeks or more than a month remediating Log4j
- 64% of cybersecurity professionals believe their peers are taking the zero-day seriously
- 23% noted that they are now behind on 2022 security priorities as a result of the change in focus
- More than one in four (27%) professionals believe their organization was less secure while remediating the vulnerability
“The main takeaway from the Log4j crisis and this data is that dedicated cybersecurity professionals are spread thin and need more support to effectively remediate zero-day exploits while still maintaining overall security operations,” said Clar Rosso, CEO, (ISC)². “Log4j is one critical vulnerability of many and it’s only a matter of time before the next novel attack occurs. To avoid burnout—the consequences of which can lead to catastrophic breaches—organizations must support their cybersecurity teams by expanding their recruiting efforts, providing more resources and investing in the development and retention of their existing staff.”
Cybersecurity Professionals Defending Multiple Fronts at Once
There haven’t been any major breaches attributed to Log4j to date, in large part due to the hard work and dedication of the cybersecurity community. According to the poll, security teams reported that the reallocation of resources and the sudden shift in focus that remediation required left many organizations less secure during remediation and behind on their 2022 security priorities.
This landscape of unsteadiness is what the Cybersecurity Workforce Gap looks like in practice. According to the (ISC)² 2021 Cybersecurity Workforce Study, the gap stands at 2.72 million professionals globally, with 60% of respondents reporting that the workforce shortage is placing their organizations at risk.
When a cybersecurity team is staffed appropriately, the disclosure of severe vulnerabilities doesn’t become a “fire drill” because the team has the resources to investigate and remediate in a timely manner. Investing in the development of existing staff is one of the many factors that contribute to higher retention. Retaining staff means the organization spends less time and fewer resources on continuously hiring and training new staff members, which has a positive impact on its overall cybersecurity posture. Additionally, well-trained cybersecurity personnel with institutional knowledge are more prepared to tackle Log4j-like threats.
To learn more about the results of the (ISC)² Log4j poll and read the direct comments from respondents, visit: https://blog.isc2.org/isc2_blog/2022/02/log4j-remediation-exposes-cybersecurity-workforce-gap.html
About the Survey Methodology
The results presented are from an online poll conducted by (ISC)² in February 2022, with a total respondent base of 269 global cybersecurity professionals. This poll response sample should not be viewed as statistically representative of the entire cybersecurity workforce. It is intended to share insight with the profession and facilitate best practice sharing and lessons learned from the disclosure of a specific critical cybersecurity vulnerability.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 160,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.