MOVEit cyberattacks: a lesson in preparation
Over the summer, thousands of organizations across the globe were impacted by a massive cyberattack on the popular third-party file transfer tool MOVEit, which is widely used by dozens of industries to manage sensitive data.
The attacks were carried out by the sophisticated, Russian-linked cybercrime group Cl0p. The group exploited a “zero-day vulnerability” in the MOVEit software, which allowed it to extract millions of pieces of individual data undetected.
This huge breach presented a lot of organizations with the challenge of communicating with their stakeholders to explain that their data had potentially been exposed. And many of those organizations engaged crisis management firms. At Leidar, we advised more than a dozen.
A key takeaway from a cyberattack of this magnitude is the critical need for organizations to have cyber incident response plans ready. The MOVEit incident highlights the importance of including every type of crisis scenario in proactive planning. Not having a communications plan ready to execute in times of crisis is a bigger risk than any actual incident, particularly when events move very quickly. Being caught unprepared can be catastrophic.
What is an incident response plan?
An incident response plan contains all the information and processes your organization needs should it experience a crisis, in this case a cyberattack. It should include all internal company policies, legal requirements, escalation and engagement protocols, draft statements covering a range of scenarios, and more. Each incident response plan is unique because your circumstances are unique, and your organization needs to be able to relay crucial information adequately and act as soon as a crisis unfolds.
What’s the value?
Spending time and energy crafting a plan with an unknown action date can feel like an overwhelming task, but our experience has shown time and again that it pays off in the long run. Having to scramble with no plan, under intense pressure, is a bad alternative. By contrast, when a plan is already laid out, the crisis response is rapid and effective.
The MOVEit attacks provide a clear example of our team helping clients who engage us when they are in the middle of a crisis. We help them navigate through such a difficult process. But there is no question that the process is simpler if the preparations are already in place.
And crafting an incident response plan is only one step. Practice ensures any organization is prepared in any scenario, even if a third-party vendor is the one affected. We recommend regular scenario-based training sessions, both to ensure the individuals are fully prepared and to ensure the plan is still fit for purpose.
The recent MOVEit incident has left its mark on the history of large-scale, coordinated cyberattacks. Organizations across the world should take this as a lesson about the importance of incident response plans: preparedness is key in our highly unpredictable online world.