How Security Professionals Cope with Log4j Stress

2021 saw unprecedented tension for many security professionals. Cyber incident responders and network defenders were pulled from one security emergency to the next in a constant series. To paraphrase cybersecurity researcher Kevin Beaumont, this year saw a peak in cyberattacks.

2021 began with a large-scale recovery from the attack by the threat group Nobelium, which had compromised SolarWinds’ Orion platform in 2020. While still recovering from SolarWinds, security teams also had to grapple with four zero-day vulnerabilities found in Microsoft’s Exchange Server. Ransomware groups continued to attack healthcare, education and businesses. The wave of cyberattacks peaked with the attacks on the North American operations of Colonial Pipeline, the largest oil pipeline operator in the United States, and JBS, a meat processing company.

Dozens of large and small ransomware attacks, hacks and espionage campaigns targeting governments, healthcare companies, educational institutions, political groups and human rights activists around the world joined the whirlwind of high-profile ransomware attacks. The U.S. Biden Administration issued a series of executive orders and guidelines imposing new requirements on government agencies and critical infrastructure providers in an effort to quell cyberattacks. At the same time, the US Congress enacted laws to strengthen the country’s cybersecurity posture.

At the end of 2021, the Log4j vulnerability appeared. Security teams at organizations all over the world were understaffed and exhausted, yet they had to respond to the Log4j vulnerabilities quickly. On top of that, the workplace disruption and staff absences caused by the rapid spread of the COVID-19 Omicron variant demanded attention as well.

CSO asked security experts what they think of Log4j closing out 2021, and what advice they would like to share with colleagues. We also asked how they coped with the stress of Log4j patching and remediation tasks being added during a holiday period they had expected to be relatively quiet and comfortable. We have compiled answers from several security experts.


“Prepare for the Marathon”: Claire Tills, Senior Research Engineer, Tenable

In 2021, the Log4j vulnerability shook up the connected world. It was difficult to estimate the extent of damage from the incident, and it was easy to miss the forest while looking at the trees. It was like a fire in Redwood National Park, California.

However, this was not the only problem cybersecurity professionals had to address. In early December, IT solutions companies SonicWall and Zoho disclosed vulnerabilities that had already been exploited or could be exploited based on past attacker behavior. 2021 was the worst year for ransomware. Network access brokers and ransomware attack groups have taken advantage of new and outdated tactics and vulnerabilities, targeting enterprises in all sectors.

Countering the Log4j vulnerability will be a marathon, not a sprint. This is because dependencies that were not previously known will continue to be discovered. It is as if the everyday hurdles security experts navigate have turned into a marathon. In 2021 alone, 120 new items were added to the list of known exploited vulnerabilities released by the Cybersecurity and Infrastructure Security Agency. This equates to about one-third of the entire list.

Also, in the midst of the early response to the Log4j vulnerability, Microsoft released the last Patch Tuesday of 2021, which included a patch for a zero-day vulnerability that attackers were actively exploiting. Even if the work is well distributed, it will be a difficult time for security personnel. There are only 24 hours in a day, so effective prioritization and strategy are absolutely critical.

“Maintain a work-life balance”: Lisa Plaggemier, interim president of the National Cybersecurity Alliance (NCA)

From cyberattacks like SolarWinds to coping with the COVID-19 pandemic, 2021 was the toughest year for cybersecurity professionals. Unfortunately, the discovery of the Log4j vulnerability was enough to remind the struggling security staff over the holidays that 2021 wasn’t over yet.

The fact that the IT industry currently needs 3 million professionals is enough to gauge the stress on cybersecurity personnel. The cybersecurity workforce is under extreme strain right now and is on the verge of burnout. Responding to this while expanding the talent pipeline is a top priority for the cybersecurity industry going forward. Otherwise, there is a risk that security personnel will leave for other jobs.

Each company’s CSO plays an important role in alleviating some of the stress on the security staff. Whether it’s how to maximize the work-life balance of your team members or how to become an empathetic and caring manager, CSOs play a pivotal role in creating a work environment where employees feel empowered and comfortable, even during stressful times.


“Invest in cyber readiness”: Asaf Karas, CTO, JFrog Security Research

The Log4j vulnerability had a significant impact on the workload of incident response and network defense teams. Because the Log4j vulnerability is easy to exploit and can lead to serious damage, companies had to immediately move resources to mitigate it. The amount of direct and indirect resources required to identify all applications using the vulnerable Log4j component is very large. After identification, remediation and action plans have to be implemented immediately.

Because cyberattacks are constant, information security teams continue to face challenges. Typically, attackers launch their attacks on weekends or holidays, when companies are least able to respond. Therefore, the security team must stay alert to attacks that may occur at any time by introducing risk management procedures, and be prepared to respond immediately when an incident occurs. Businesses should invest in cyber readiness and preparedness measures for future incidents. Tools that provide automation and rapid response capabilities enable a fast response in the event of a breach.


“Look at it macro”: Andy Hornegold, Head of Product, Intruder

2021 was a tough year. The year started with constant fear amid the SolarWinds crisis. We experienced the ProxyShell vulnerabilities and exploits, witnessed remote access solutions such as Pulse Secure VPN being used to compromise networks, and saw Accellion and VMware vulnerabilities exposed. Then came Log4j.

Almost all companies placed the highest priority on finding and patching the Log4j vulnerability, and on providing additional protection where patching failed. As a result, the workload of network security personnel has increased significantly. Some companies had people who could be called in immediately, while others didn’t have an on-call process at all. In the latter case, personnel with other duties suddenly had to be deployed.

Dealing with the Log4j vulnerability during the holidays was not an easy task under any circumstances, and it made for a difficult defense ahead of the end of the year. Simply put, it has been a tough time for all security professionals around the world, while cyberattackers rejoiced. I think of it as the Christmas present of 2021.

If you don’t know whether to laugh or cry, it’s better to laugh. We work in a strange environment. Let’s take a step back and look at it holistically. State actors, criminal groups, opportunists, and a 14-year-old in bed chase us, and we try to find a needle in a haystack. Whenever a major vulnerability like Log4Shell appears, the meme machine comes into play. It unites the community in dark times.


“Thank the security team”: Jim Crowley, CEO, Industrial Defender

With one week of vacation left, the job landed on the desk again. Why did this task fall on my desk? Customers who follow cybersecurity hygiene practices, keep track of their software libraries, and inventory their assets can quickly identify problems and implement specific mitigation actions. On the other hand, some customers take a deep breath and say, ‘I have to deal with this.’ In the latter case, the work does not get done as it should. All day-to-day work stops while they rush to solve the problem.

Executives need to understand that security is important and that there are no signs or warnings. They should also know that their employees are under stress. Knowing this is tricky. Take a moment and tell the security team, “Thank you for doing the job. We know how difficult your job is.” To motivate your employees, you need gratitude more than anything else. Go to the floor and see the staff patching the systems. It is painful, mind-numbing work. But no one expresses gratitude.


Source: ITWorld Korea by www.itworld.co.kr.

The article has been translated based on the content of ITWorld Korea by www.itworld.co.kr.