What Is Log4j's Hidden Toll on Cybersecurity Readiness?
CISO Jon France of (ISC)² on the Impact of Log4j on the Workforce
(ISC)² recently released results of an online poll examining the Log4j vulnerability and the human impact of the efforts to remediate it. Newly appointed CISO Jon France shares takeaways from the survey, which reveal the severity and long-term consequences of the Log4j attack for both security teams and the organizations they protect.
According to the poll, as a result of the reallocation of resources and the sudden shift in focus that Log4j required, security teams reported that many organizations were less secure during remediation and fell behind on their 2022 security priorities.
"It's not just about people," says France. "It's also about some of the processes you have, which is: how you respond, knowing your assets, knowing where your landscape is and being able to respond quickly to that. And that takes experience."
He says practicing tabletop exercises is also important, "so that when you're faced with a crisis like a zero-day vulnerability, you've got a go-to playbook" that allows you to "swing resources in, prioritize quickly and get support from the business."
In a video interview with Information Security Media Group, France discusses:
- Highlights from the poll;
- Additional support required by security leaders and their teams to tackle future incidents;
- Turning the dial on the skills shortage challenge.
As CISO at (ISC)², France advocates for security and risk management activities, skills development and awareness among all users of technology across industry as well as within (ISC)².