Survey: Recovery from Log4Shell vulnerability is ongoing with 77% of organizations still in patching mode – TechRepublic

Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below.
We recently updated our Terms and Conditions for TechRepublic Premium. By clicking continue, you agree to these updated terms.
Invalid email/username and password combination supplied.
An email has been sent to you with instructions on how to reset your password.
By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.
You will also receive a complimentary subscription to TechRepublic’s News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.
Username must be unique. Password must be a minimum of 6 characters and have any 3 of the 4 items: a number (0 through 9), a special character (such as !, $, #, %), an uppercase character (A through Z) or a lowercase (a through z) character (no spaces).
Survey: Recovery from Log4Shell vulnerability is ongoing with 77% of organizations still in patching mode
Your email has been sent
New research shows that the weakness shattered confidence in cloud defenses and motivated a new set of cybersecurity priorities.
Log4Shell was a cybersecurity wake up call across every industry, according to new research from cloud security provider Valtix. The report found that 77% of the 200 respondents are still dealing with patching. Also, the vulnerability has negatively impacted the ability of IT teams to address business needs.
The survey found that tech leaders are prioritizing new tools, process changes and additional budget to address the weakness.
SEE: Log4Shell: Still out there, still dangerous, and how to protect your systems
In March 2022, Valtix worked with an independent research firm to survey 200 cloud security leaders to understand how the vulnerability has influenced security teams. The study shows how cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell.
The research found that 78% of IT leaders still lack clear visibility into what’s currently happening in their cloud environment:
Additionally, almost all respondents confirmed challenges associated with bringing endpoint security agents and firewall appliances to the cloud from their data centers with:
Vishal Jain, co-founder and CTO at Valtix, said Log4Shell proved that defense in depth is essential even in the cloud because there is no such thing as an invulnerable app.
“Log4Shell exposed many of the cloud providers’ workload security gaps as IT teams scrambled to mitigate and virtual patch while they could test updated software,” Jain said. “They needed more advanced security for remote exploit prevention, visibility into active threats, or ability to prevent data exfiltration.”
Davis McCarthy, a principal security researcher at Valtix, said the research shows they are taking action in 2022 by prioritizing new tools, process changes and budget as it relates to cloud security.
The study authors also found that technical leaders in the energy industry are the most likely to have low confidence in their cybersecurity due to Log4Shell, followed by hospital and travel companies, automotive, government and financial services. Financial services companies were the most likely to have reprioritized cloud security initiatives after the vulnerability surfaced.
Here’s how the vulnerability works:
In a recent article, TechRepublic contributor Jack Wallen explained how to use the Log4j Detect script to scan Java projects for the vulnerability. This requires a Java project and a user with sudo privileges. This script can be used on Linux, macOS and Windows.
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
 
Survey: Recovery from Log4Shell vulnerability is ongoing with 77% of organizations still in patching mode
Your email has been sent
Your message has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
These 11 cloud-to-cloud solutions back up your organization’s data so you’ll be covered in the event of deletions, malware or outages. Compare the best online cloud backup services now.
You can use a mobile device to speak with another person directly through the Teams app. Lance Whitney shows you how to use this handy feature.
A phishing technique called Browser in the Browser (BITB) has emerged, and it’s already aiming at government entities, including Ukraine. Find out how to protect against this new threat.
With so many project management software options to choose from, it can seem daunting to find the right one for your projects or company. We’ve narrowed them down to these nine.
Start-ups, DARPA and Accenture Ventures announce research partnerships, new hardware and strategic investments.
Procuring software packages for an organization is a complicated process that involves more than just technological knowledge. There are financial and support aspects to consider, proof of concepts to evaluate and vendor negotiations to handle. Navigating through the details of an RFP alone can be challenging, so use TechRepublic Premium’s Software Procurement Policy to establish …
Recruiting a Security Analyst with the right combination of technical expertise and experience will require a comprehensive screening process. This hiring kit from TechRepublic Premium includes a job description, sample interview questions and a basic want ad that you can customize for your business to find, interview, recruit and hire the best candidates for a …
Recruiting a DevOps engineer with the right combination of technical expertise and experience will require a comprehensive screening process. This hiring kit from TechRepublic Premium includes a job description, sample interview questions and a basic want ad that you can customize for your business to find, interview, recruit and hire the best candidates for a …
Video game writing jobs are in demand. Recruiting a video game/quest writer with the right combination of technical expertise and experience will require a comprehensive screening process. This hiring kit from TechRepublic Premium includes a job description, sample interview questions and a basic want ad that you can customize for your business to find, interview, …

source

Share this post:

Leave a Reply