Latest News

MOVEit highlights re/insurers' cyber blind spots

By staff reporter

The ongoing cyber security incident known as the global MOVEit MFT (Managed File Transfer) attack has affected companies and government agencies on both sides of the Atlantic.

Hundreds of companies have been hit by data theft and extortion, with the private information of over 20 million individuals exposed to date. The Cl0p ransomware and extortion gang was behind the attacks.

A Single Point of Failure technology refers to a critical system, product or service that is relied upon by many companies. The failure of such technology can cause a domino effect, affecting many organisations in tandem and creating a ripple effect of adverse outcomes. Cyber Cube’s SPoF Intelligence tool identified 2,890 vulnerable MOVEit MFT deployments mapped to companies in 75 different countries at the time of the attacks in June.

William Altman, cyber threat intelligence services lead at Cyber Cube said: “The cyber re/insurance industry is currently looking into the concept of systemic cyber events and specifically questioning whether Cl0p's MOVEit attacks can be classified as one. As the industry strives to establish a unified definition for systemic cyber disasters, examining events such as Cl0p's MOVEit attacks closely is crucial, as they provide invaluable real-world evidence that can help shape more informed perspectives.”

Lessons learned (Source: Cyber Cube)

Cyber Cube's latest report, SPoF Intelligence: Lessons Learned from the MOVEit Attack, highlights three key lessons that can be learned from the MOVEit attacks that can help the re/insurance industry better understand how widespread data breach and extortion events can unfold. These are:

1. Cyber re/insurers have a blind spot when it comes to managing third-party risk arising from insureds’ service providers and their partners using vulnerable SPoFs.

2. Companies that are dependent on Data Aggregator SPoFs, including MFT applications, could be targeted in future attacks. This points to the need for the re/insurance industry and the broader security community to be vigilant about the threat to MFTs, even if it is not MOVEit.

3. The MOVEit attack will not be the last widespread data breach and extortion event. re/insurers should focus on identifying insureds that are using risky MFT SPoFs.

    Share Story:

YOU MIGHT ALSO LIKE

Wildfires: International SOS issues safety and continuity advice

Net zero 'undermining' cyber security in UK CNI

Ten most effective cyber controls for SMEs - Zurich


The Future of Risk & Resilience with AI & Data
CLDigital's Co-Founder, Tejas Katwala, joins CIR Magazine to discuss how CLDigital is transforming enterprise risk and resilience. By integrating business processes, AI and data-centric strategies, organisations can move beyond compliance to proactive risk management – simplifying operations, strengthening resilience, and driving business performance. Listen now to explore the future of intelligent risk management.

Communicating in a crisis
Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Advertisement
© 2019 Perspective Publishing     Privacy & Cookies