Security leaders are still dealing with the impact of Log4Shell, and cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell. New Valtix research reveals that 95% of cybersecurity leaders say Log4Shell was a wake-up call for cloud security, changing it permanently, and that 87% feel less confident about their cloud security now than they did before the incident.
Log4Shell was a significant zero-day vulnerability in the Log4J developer library that posed a critical risk to too much of the internet. Even three months after the incident, the research found that 77% of IT leaders are still dealing with Log4J patching, with 83% stating that Log4Shell has impacted their ability to address business needs.
For organizations that don’t have a solid understanding of their exposed attack surface, moving to a cloud environment can create critical gaps in security visibility — further emphasizing that lack of knowledge, explains Matthew Warner, CTO and Co-Founder at Blumira. “Log4Shell was a reminder for IT professionals that it’s important to not only understand your attack surface from a port-exposure perspective, but also the actual applications used.”