There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a few. Once a cyber security incident results in a data breach, reaching those affected needs to be done quickly, thoroughly, precisely, and reliably. Oftentimes large-scale outreach to large groups in short windows of time is necessary to maintain proper compliance and limit liability exposure.

In addition to internal breach risks, organizations cannot discount the potential for an outside event to enter their environments and wreak havoc. Certain events can cause widespread attacks that quickly place a large number of organizations at risk. A prime example is the MOVEit hack that began in May 2023 that many are still reeling from. Understanding the effects that widespread hacks can cause and the best resources to tap into if one occurs is critical. Let’s digest the MOVEit breach as an illustration.

The MOVEit Breach

What happened with MOVEit is an example of how a small vulnerability can quickly turn into a disaster that highly increases litigation exposure. This accredited transfer file management program developed by Progress Software experienced a devastating breach. Many organizations used it for sensitive data transfers, as it met high regulatory standards. A zero-day vulnerability in both the on-prem and cloud environments emerged that no one was equipped to handle. Threat actors were able to gain access to customer accounts. There was no immediate patch available, rendering containment and mitigation extremely difficult. More vulnerabilities have also sprung up along the way.

The hack was traced back to Clop, a ransomware cybercriminal group. According to Reuters, as of August 2023 over 600 organizations globally experienced a compromise stemming from this hack. The article proclaimed, “the sheer variety of victims of the MOVEit compromise, from New York public school students to Louisiana drivers to California retirees, have made it one of the most visible examples of how a single flaw in an obscure piece of software can trigger a global privacy disaster.”

Exposure is not limited to organizations that use MOVEit but extends to third-party vendor data. Many incidents involve more than one million affected contacts. Threat actors will continue to trickle out impacts utilizing the vast amounts of data they have exfiltrated. The types of data impacted tend to be rich files with contact data, such as complete client or employee lists containing full PII sets.

Breach Response Efforts

When falling victim to a widespread attack like MOVEit, time is precious. Organizations need expert resources to lean on and limit the fallout. This is where having a cyber incident response partner that can quickly launch a customizable multi-faceted breach response program is a game changer. With such sensitive information at risk, anything that can be done to remediate faster will make a huge difference in how much liability exposure the organization ultimately experiences.

If protected data is exfiltrated or accessed from compromised MOVEit environments, accurate and effective review is essential to create clean lists of affected contacts. This includes employees and customers requiring notification. Timely notification, quality care, and support of these contacts is essential. This minimizes damage, protects brand trust, and helps avoid regulatory fines. Providers offering a breadth of services when opportunistic events such as MOVEit occur can be valuable to limit litigation risk. Look for expertise in data mining, review, project management, notification, call centers, and credit monitoring.

In the MOVEit breach response landscape – or for any similar event in the future – so much is unknown. The end is not certain with such involved hacks, so it is prudent to have a plan in place for ongoing management. This also provides insight into handling vendor relationships going forward. As the MOVEit breach demonstrated, organizations are dependent on the security habits of their vendors and other third parties. Before partnering with someone, investing in new technologies, or otherwise transferring sensitive data – it is crucial to advance a thorough vetting process to understand all cyber risks.

Conclusion

Widespread hacks exploiting zero-day vulnerabilities are just another thing to account for with breach response. Cyber incidents can be unpredictable, so investing in preparedness efforts is important. Already having a breach response provider capable of delivering services efficiently and at a large scale prior to a devastating event can make a world’s difference. This can help navigate the unknown, quickly reach cost-effective resolutions, manage the risk of lost business, avoid steep regulatory fines, and maintain an ongoing breach management plan when needed.