Express Computer
Home  »  News  »  Tenable Research Finds 72% of Organizations Remain Vulnerable to “Nightmare” Log4j Vulnerability

Tenable Research Finds 72% of Organizations Remain Vulnerable to “Nightmare” Log4j Vulnerability

0 39

Tenable®, the Exposure Management company, announced the results of a telemetry study examining the scope and impact of the critical Log4j vulnerability, known as Log4Shell, in the months following its initial disclosure. According to the data collected from over 500 million tests, 72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022. The data highlights legacy vulnerability remediation challenges, which are the root cause of the majority of data breaches.

When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following its disclosure, organizations significantly reallocated resources and invested tens of thousands of hours in identification and remediation efforts. One federal cabinet department reported that its security team devoted 33,000 hours to Log4j vulnerability response alone.

Tenable telemetry found that one in 10 assets1 was vulnerable to Log4Shell as of December 2021, including a wide range of servers, web applications, containers and IoT devices. October 2022 data showed improvements, with 2.5% of assets vulnerable. Yet nearly one third (29%) of these assets had recurrences of Log4Shell after full remediation was achieved.

“Full remediation is very difficult to achieve for a vulnerability that is so pervasive and it’s important to keep in mind that vulnerability remediation is not a ‘one and done process,” said Bob Huber, chief security officer, Tenable. “While an organization may have been fully remediated at some point, as they’ve added new assets to their environments, they are likely to encounter Log4Shell again and again. Eradicating Log4Shell is an ongoing battle that calls for organizations to continually assess their environments for the flaw, as well as other known vulnerabilities.”

Other key findings from the data include:

-28% of organizations across the globe have fully remediated Log4Shell as of October 1, 2022, a 14-point improvement from May 2022.
-53% of organizations were vulnerable to Log4j during the time period of the study, which underscores the pervasive nature of Log4j and the necessary ongoing efforts to remediate even if full remediation was previously achieved.
-As of October 2022, 29% of vulnerable assets saw the reintroduction of Log4Shell after full remediation was achieved.
-Some industries are in better shape than others, with engineering (45%), legal services (38%), financial services (35%), non-profit (33%) and government (30%) leading the pack with the most organizations fully remediated. Approximately 28% of CISA-defined critical infrastructure organizations have fully remediated.
-Nearly one third of North American organizations have fully remediated Log4j (28%), followed by Europe, Middle East, and Africa (27%), Asia-Pacific (25%) and Latin America (21%).

Similarly, North America is the top region with the percentage of organizations that have partially remediated (90%), Europe, Middle East and Africa (85%), Asia-Pacific (85%), and Latin America (81%).

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image