Security professionals around the globe continue to mitigate the effects of the Log4j vulnerability, which was discovered in December 2021. 

Cybersecurity nonprofit (ISC)² published the results of an online poll examining the Log4j vulnerability and the human impact of the efforts to remediate it. The poll surveyed 269 cybersecurity professionals and revealed the severity and long-term consequences of the Log4j vulnerability for both security teams and the organizations they protect.

Key findings from the poll include:

  • Nearly half (48%) of cybersecurity teams gave up holiday time and weekends to assist with Log4j remediation
  • Fifty-two percent of respondents said their team collectively spent weeks or more than a month remediating Log4j
  • Nearly two-thirds (64%) of cybersecurity professionals believe their peers are taking the zero-day exploit seriously
  • Twenty-three percent noted that they are now behind on 2022 security priorities as a result of the change in focus
  • More than one in four (27%) professionals believe their organization was less secure while remediating the vulnerability

“The main takeaway from the Log4j crisis and this data is that dedicated cybersecurity professionals are spread thin and need more support to effectively remediate zero-day exploits while still maintaining overall security operations,” said Clar Rosso, CEO of (ISC)².

“Log4j is one critical vulnerability of many, and it’s only a matter of time before the next novel attack occurs. To avoid burnout — the consequences of which can lead to catastrophic breaches — organizations must support their cybersecurity teams by expanding their recruiting efforts, providing more resources and investing in the development and retention of their existing staff.”

There haven’t been any major breaches attributed to Log4j to date, in large part due to the hard work and dedication of the cybersecurity community. According to the poll, security teams reported that, as a result of the reallocation of resources and the sudden shift in focus that was required, many organizations were less secure during remediation and fell behind on their 2022 security priorities.