3rd Party Risk Management , Governance & Risk Management , Patch Management

What Is Log4j's Hidden Toll on Cybersecurity Readiness?

CISO Jon France of (ISC)2 on the Impact of Log4j on the Workforce
Jon France, CISO, (ISC)²

(ISC)² recently released results of an online poll examining the Log4j vulnerability and the human impact of the efforts to remediate it. Newly appointed CISO Jon France shares takeaways from the survey, which reveal the severity and long-term consequences of the Log4j attack for both security teams and the organizations they protect.

See Also: Keeping Your Side of the Street Clean: 5 Cyber-Hygiene Facts You Wish You Knew Earlier

According to the poll, as a result of the reallocation of resources and the sudden shift in focus that Log4j required, security teams reported that many organizations were less secure during remediation and fell behind on their 2022 security priorities.

"It's not just about people," says France. "It's also about some of the processes you have, which is: how you respond, knowing your assets, knowing where your landscape is and being able to respond quickly to that. And that takes experience."

He says practicing tabletop exercises is also important, "so that when you're faced with a crisis like a zero-day vulnerability, you've got a go-to playbook" that allows you to "swing resources in, prioritize quickly and get support from the business."

In a video interview with Information Security Media Group, France discusses:

  • Highlights from the poll;
  • Additional support required by security leaders and their teams to tackle future incidents;
  • Turning the dial on the skills shortage challenge.

As CISO at (ISC)², France advocates for security and risk management activities, skills development and awareness among all users of technology across industry as well as within (ISC)².

About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.