MOVEit Hack – June 23

On 5th June, BBC News Online reported that British Airways, the BBC, Boots and Aer Lingus were among a growing number of organisations affected by a mass hack. Although the hack had first been disclosed the week before, when US company Progress Software said hackers had found a way to break into its MOVEit Transfer tool, the announcement that major UK-based organisations had been hacked was a significant development in this story.

We swiftly worked with Jim Tiller, CISO at Nash Squared to develop the response below, which was issued widely and picked up by a number of media outlets including Computer Weekly, Verdict and UK Tech News. This has positioned Nash Squared and Jim Tiller strongly for future commentary opportunities related to cyber-attacks.

Jim Tiller, CISO at Nash Squared, a global technology and talent provider, said: “Any organisation that has used MOVEit must assume their data is in the wrong hands.

These organisations need to urgently review and categorise all their information assets that are likely to have been stolen to understand what represents the greatest threat to extortion and prioritise accordingly. From there it’s about assessing the risks associated with the exposure of the information, not only to the company but its clients, partners, affiliates and with those where information was exchanged. Without these critical steps, responding to ransom demands and determining a course of action will be reactive and ineffective.

Organisations need to not only come to grips with dealing with ransom demands, but also recognise that there is no way to ensure the criminals don’t publish the information even when paid. Moreover, multiple organisations – at least two, the sender and receiver – will likely be extorted for the same information. Therefore, even if one company pays, they may still fall victim if the other does not.

Unfortunately, this is clearly representative of some of the inherent risks with multi-tenant environments and, in this case, may not be covered by cyber insurance policies for that very reason. Many insurers will have clauses that are very similar to acts of God or mass events that exclude such attacks from coverage. Therefore, if companies haven’t already reviewed their policy with their provider, they need to as soon as possible.”