Global Cyber Breach: The Need to Manage Vendor Risks, People Risks and More…
Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency. Aside from US government agencies, “several hundred” companies and organizations in the US could be affected by the hacking spree, (according to a CNN report). Since late last month, the hackers have been exploiting a flaw in widely used software known as MOVEit that companies and agencies use to transfer data.
Note the following:82% of breaches involved the human element, meaning a breach came down to successful phishing, a misuse of credentials, the ability of a hacker to steal credentials, or just human error within a system
Additionally, the use of a 3rd party (think vendor risk management) and its products/services can be used to introduce/originate a cyber breach, as in this case with the Moveit software. (and solar winds etc. etc.)
Note the ad below for Moveit: It uses the words, “secure”, and “easily ensure”, in the ad.
With that being said, effective risk management does not end when you hire an entity to help manage your risk.
MOVEit®- Managed File Transfer Software
Progress MOVEit is the leading secure Managed File Transfer (MFT) software used by thousands of organizations around the world to provide complete visibility and control over file transfer activities. Whether deployed as-a-Service, in the Cloud, or on premises, MOVEit enables your organization to meet compliance standards, easily ensure the reliability of core business processes, and secure the transfer of sensitive data between partners, customers, users and systems.