
Log4Shell zero day made 87% of IT leaders feel less confident

Published by Sabrina Pagnotta on May 4, 2022

In a recent report by Valtix, 95% of IT leaders dubbed Log4Shell a wake-up call for cloud security, changing it permanently. Some 87% feel less confident about their cloud security now than they did prior to the incident.

Back in December, the zero day vulnerability affected the Log4j utility, one of the most widely used tools by developers to debug or fix issues in their code. Four months after the incident, 77% of IT leaders are still dealing with Log4j patching, and 83% said that Log4Shell has impacted their ability to address business needs, according to the report.

The Log4j vulnerability keeps making headlines because it could allow attackers to easily seize control of nearly everything from industrial control systems to web servers and consumer electronics. Major tech players, including Amazon Web Services, Microsoft, Cisco, Google Cloud, and IBM, have all found that at least some of their services were vulnerable.

Like many other software supply chain vulnerabilities to emerge in the past two years, such as Kaseya or SolarWinds, Log4Shell is a reminder that cloud configurations are built on top of many third party dependencies, from cloud service provider products to software components. Essentially, the cloud is built on open-source software, which is often subject to zero day vulnerabilities.

Moving to a cloud environment can create critical gaps in visibility or introduce some new risks, such as misconfigurations and insufficient identity and access controls. This could further emphasize any previous lack of knowledge. Organizations need to understand their attack surface, including their own network, their third party vendor network, and the applications used.

One vulnerable link in the supply chain can lead to cyberattacks and data breaches, disrupting business operations at scale, across industries. This is why organizations need full visibility into their digital ecosystem, and continuous monitoring to detect and remove vulnerable third party components. Likewise, third party vendors need to protect themselves and their customers from attacks.

However, 78% of IT leaders stated they lack clear visibility into what’s currently happening in their cloud environment:

  • 82% say visibility into active security threats in the cloud is usually obscured
  • 86% agree it’s more challenging to secure workloads in a public cloud than in an on-premises data center
  • Only 53% feel confident that all of their public cloud workloads and APIs are fully secured against attacks from the internet

“Defense in depth is essential because there is no such thing as an invulnerable app,” said Vishal Jain, co-founder and CTO at Valtix. “Log4Shell exposed many of the cloud providers’ workload security gaps as IT teams scrambled to mitigate and patch.”

Back to basics: Layered defense

While zero day exploits are reaching a record‑high number, companies can also be hit by an exploit for a known vulnerability, possibly one dating back many years. 

Good cyber-hygiene and layered defense remain critical to effective cyber risk management. Consider the following best practices:

  • Proactive patching of known vulnerabilities
  • Security toolkit: antivirus, firewall, IDS, MFA, backups, and more
  • Cybersecurity awareness training for all staff
  • Cybersecurity requirements for third party vendors (learn more in our vendor management guide)
  • Supply chain checks to ensure open source components are secure
  • Continuous monitoring to detect and mitigate the risk of accidentally exposed systems

How Can ThirdPartyTrust Help You Mitigate the Log4J Vulnerability and Other Zero Days

ThirdPartyTrust is a third party risk management automation platform where enterprises and vendors connect to easily complete risk assessments, exchange security documentation, track, and monitor risks.

With flexible fit-for-purpose features, the tool adapts to help you stay ahead of zero days or unexpected vulnerabilities like Log4Shell. The ability to rapidly create and distribute a simple questionnaire among your vendors to manage potential threats can make the difference between business as usual and business continuity issues.

If one of your vendors is vulnerable, you can ask for additional requirements and assurances right away, and easily track them with the tool. You can also update the category or classification of this vendor (i.e. more or less critical, more or less impactful for the business).

Vendors using the platform to respond to risk assessments may complete these new requirements as part of their security profile and share them proactively. This will show their customers that they take security seriously and are being diligent to mitigate any new vulnerability.

Don’t let zero days be “wake up calls.”

Unpredictable vulnerabilities will be an ongoing concern for security teams in the foreseeable future.

In this guide you will learn the fundamentals of zero days, patterns from our statistical analysis, and tips to reduce risk and remediate zero days if/when they happen.

Sabrina Pagnotta
Sr. Content Strategist