SB Risk Experts

Log4j Exposes Cybersecurity Workforce Gap

In late December 2021, the world experienced one of the biggest and most far-reaching vulnerabilities when the Log4j vulnerability was exposed.

What Is Log4j?

Log4j is used by developers to keep track of what happens in their software applications or online services.

The vulnerability, left unfixed, could allow attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

The Fight to Remediate the Log4j Vulnerability

The cybersecurity industry went into ‘hair on fire’ mode trying to patch and fix the vulnerability. Multiple patches were issued, and every time it seemed an organization had it fixed, another ‘hole in the dike’ would appear.

A new (ISC)² study found that 52% of security teams spent weeks or more fixing the flaw, with nearly half doing so on weekends and holidays.

Cybersecurity Industry - Overworked and Understaffed

A vulnerability as difficult to remediate as Log4j emphasized the workforce gap in the cybersecurity community. As of this writing, the industry need is approximately 2.7 million people.

Respondents to the (ISC)² study mentioned above also said:

  • 60% say workforce shortages leave organizations at risk

  • 27% say their organization was less secure during the Log4j remediation

  • 23% say they fell behind on their 2022 security priorities

This workforce gap has real-world consequences. Cybersecurity professionals say that their organizations could improve their risk assessment and management, and patch critical systems faster, if their departments weren’t short-staffed.