Jack Viljoen, Head of Prodinity Cyber Solutions, highlights the lessons to learn from the recent wave of large-scale vendor-related cyber attacks
In a recent coordinated wave of cyber attacks, prominent household names such as the BBC, British Airways, and Boots have fallen victim to a breach in their MOVEit file transfer systems.
This alarming incident serves as a stark reminder of the persistent threats faced by both large corporations and small to medium-sized enterprises (SMEs) in the realm of cyber security. The attack, driven by poor cyber security practices around the vetting and monitoring of vendor access to company systems, has highlighted the critical need for heightened security measures across organisations to safeguard sensitive data.
Hackers took advantage of a vulnerability in MOVEit Transfer, a commonly used software tool for secure data transfers. This put valuable employee information at risk of theft, including sensitive data such as national insurance numbers and bank details. The widespread nature of the hack, affecting multiple organisations simultaneously, is causing concern among payroll providers globally.
As always, hindsight is a wonderful thing, but the fact is simple: this hack could have been avoided. The MOVEit hack exploited vulnerabilities that should have been addressed through robust cyber security protocols. It is imperative to highlight the weaknesses that allowed such an attack to occur, emphasising the importance of proactively fortifying systems against cyber threats.
First and foremost, insufficient employee awareness and training played a significant role in this breach. Cyber criminals often exploit human error and lack of knowledge to gain unauthorised access. Without comprehensive training programmes in place, employees are more likely to fall prey to phishing attempts, unknowingly downloading malicious software, or divulging sensitive information.
Moreover, a lack of regular security assessments and updates contributed to the vulnerability. Organisations must conduct frequent vulnerability assessments to identify potential weak points in their systems. Applying patches and updates promptly is essential to address known vulnerabilities and stay ahead of emerging threats. Neglecting this crucial aspect can leave organisations exposed to known weaknesses that hackers readily exploit.
Multiple entry points
In addition, weak password practices served as another entry point for attackers. Reusing passwords, employing weak or easily guessable passwords, or failing to enforce multi-factor authentication significantly increase the risk of unauthorised access. Organisations must emphasise the importance of strong password policies, encourage the use of password managers, and implement multi-factor authentication across their systems.
Insufficient network segmentation and access controls also contributed to the successful attack on these organisations through the vendor route. By failing to separate critical systems and limit access privileges based on the principle of least privilege, companies inadvertently create avenues for lateral movement within their networks. A compromised account in one department can easily result in widespread access across the entire network, making it easier for cyber criminals to exfiltrate sensitive data.
Vendor-related cyber attacks can be particularly dangerous because they bring the challenge of supply chain vulnerability into sharp focus. Vendors often have privileged access to critical systems or sensitive data of the companies they work with. If a vendor is compromised, attackers can exploit this access to infiltrate the target organisation’s network, bypassing traditional security controls.
Since many organisations rely on multiple vendors for various services, products, or software components, the impact of a successful attack can span multiple countries and territories. A successful attack on a vendor can have a cascading effect, leading to widespread damage and disruption.
Companies often have limited control over their vendors’ security practices and infrastructure. Even if an organisation has robust security measures in place, a vendor’s weak security posture can undermine the overall defence and become a point of entry for attackers.
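To make the lateral-movement point concrete, here is a small added illustration (not code from the article or from Prodinity) that models a compromised vendor account as a reachability problem. It uses a constructed, hypothetical topology: a map of which accounts may log on to which systems, and a segmentation policy saying which systems may open connections to which others. It then compares the blast radius of the same vendor account on a flat network against a segmented, least-privilege one.

```python
"""Blast-radius check for a compromised vendor account.

Added example, not code from the article. All system and account names
below are hypothetical, and the topology is constructed for illustration.
"""
from collections import deque


def blast_radius(logons, routes, start_account):
    """Return the set of systems reachable from a compromised account.

    logons: account -> set of systems the account may log on to
    routes: system -> set of systems it may open connections to
            (the network segmentation policy); a missing key or an
            empty set means the system cannot initiate further hops
    """
    reached = set()
    queue = deque(logons.get(start_account, ()))
    while queue:  # breadth-first walk over allowed network routes
        system = queue.popleft()
        if system in reached:
            continue
        reached.add(system)
        queue.extend(routes.get(system, ()))
    return reached


def excess_access(logons, routes, account, required):
    """Systems the account can reach beyond what its job actually needs.

    An empty result means the account is scoped to least privilege for
    the given segmentation policy.
    """
    return blast_radius(logons, routes, account) - set(required)


# Constructed sample: a payroll vendor lands on an SFTP gateway only.
LOGONS = {
    "vendor-payroll": {"sftp-gateway"},
    "hr-analyst": {"hr-workstation"},
}

# Flat network: one segment, every system can talk to every other.
FLAT_SYSTEMS = {
    "sftp-gateway", "hr-workstation", "hr-db",
    "finance-db", "file-server", "domain-controller",
}
FLAT_ROUTES = {s: FLAT_SYSTEMS - {s} for s in FLAT_SYSTEMS}

# Segmented network: the vendor gateway sits in its own zone and may only
# push files to the drop on the file server; internal tiers never accept
# connections originating from that zone, and data stores initiate nothing.
SEGMENTED_ROUTES = {
    "sftp-gateway": {"file-server"},
    "hr-workstation": {"hr-db", "file-server"},
    "hr-db": set(),
    "finance-db": set(),
    "file-server": set(),
    "domain-controller": set(),
}

# What the vendor's contracted task actually requires.
VENDOR_NEEDS = {"sftp-gateway", "file-server"}


def compare_policies():
    """Return (flat_excess, segmented_excess) for the vendor account."""
    flat = excess_access(LOGONS, FLAT_ROUTES, "vendor-payroll", VENDOR_NEEDS)
    seg = excess_access(LOGONS, SEGMENTED_ROUTES, "vendor-payroll", VENDOR_NEEDS)
    return flat, seg


if __name__ == "__main__":
    flat_excess, seg_excess = compare_policies()
    print("Flat network, reachable beyond need:", sorted(flat_excess))
    print("Segmented network, reachable beyond need:", sorted(seg_excess))
```

The same vendor foothold reaches every system, including the domain controller, on the flat topology, and only the file drop it was contracted to use on the segmented one. Feeding a real environment into this check means exporting actual logon rights and firewall or VPC rules into the two maps; the value of the exercise is that it makes the excess list reviewable per vendor rather than leaving it implicit.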
Additional risk assessments should also be considered when dealing with vendors, particularly when it comes to the exchange of sensitive information.
At the very least, companies should perform thorough risk assessments to evaluate the security practices of potential vendors before entering into business relationships. This assessment should include evaluating their security controls, incident response plans, and overall security maturity.
This incident does present an opportunity for knowledge sharing and collaboration. By working together, the companies affected by the MOVEit attack can help to establish channels for sharing threat intelligence and security information with vendors. Together, we can collaborate on proactive measures to identify and mitigate emerging threats.
Can we trust our software?
The reliance of companies on the MOVEit file transfer system to exchange highly sensitive information amplifies the significance of the recent hack and the security patch issue. Organisations placed their trust in MOVEit as a secure solution for their data transfers, making the breach in its security infrastructure particularly alarming. The fact that the loophole went unnoticed due to a security patch issue raises concerns about the effectiveness of the vendor's security practices and the thoroughness of its assessments.
When companies entrust a third-party vendor with their sensitive data, they are entitled to expect a higher level of security and protection. The occurrence of a hack within a trusted system like MOVEit raises questions about the reliability of vendor systems and their diligence in detecting vulnerabilities. This incident highlights the need for organisations to carefully evaluate the security measures implemented by their external vendors and actively engage in ongoing communication to ensure that robust security protocols are consistently maintained.
The combination of relying on a vendor and the failure to spot the security patch issue highlights the importance of organisations taking a proactive role in their cyber security. While third-party solutions can be beneficial, organisations should not solely rely on them. Implementing additional security measures, conducting regular audits, and maintaining a comprehensive understanding of their own security position are essential steps for organisations to mitigate risks and protect their sensitive data effectively. By assuming greater ownership of their cyber security, companies can enhance their resilience against potential breaches and reduce dependence on external vendors.
Advanced threat detection
This unfortunate incident also underscores the need for organisations, regardless of their size, to prioritise cyber security. Investing in advanced threat detection and prevention technologies, employing regular employee training programmes, implementing robust access controls, and conducting regular security audits are vital steps to defend against evolving cyber threats.
As a trusted cyber security company, we urge businesses to take immediate action to bolster their security measures. By adopting a proactive and comprehensive approach to cyber security, organisations can significantly mitigate the risk of falling victim to similar attacks. Protecting sensitive data, preserving customer trust, and safeguarding the continuity of operations should be paramount for all businesses in today’s digitally interconnected world.
Let this incident serve as a clarion call for organisations to strengthen their cyber defences and collaborate with cyber security experts to establish resilient security frameworks. Together, we can combat the growing menace of cyber attacks and ensure a safer digital future for businesses of all sizes.