Online Help
9 June 2023 | 3:26 pm

MOVEit hack: it might not impact you, but here’s what you need to worry about…

Recently we heard of another major breach involving some big names such as the BBC, British Airways and Boots. We hear about this kind of thing more frequently now and are probably becoming a little numb to it. Generally, on hearing this news, people think ‘does this impact me and my personal data?’ and, if not, they move on. The recent hack seemed to involve only internal personnel data, so most of you would not have paid it much attention. But there is one important part of this that all business and data owners need to pay attention to…

We’ve written about this before, but it never hurts to reiterate.

‘Clop’, the cybercriminal group behind the hack, operates a ‘Ransomware-as-a-service’ model (this is the part all business and data owners need to pay attention to).

Ransomware-as-a-service is where anyone can engage with the hackers to agree terms and get access to ransomware packages, typically via forums or the dark web. Once the terms have been agreed, the ransomware is customised for the targeted victims. That person can then execute the ransomware within the intended network or target, with the aim of sharing the profits from the ransom payment with the ‘Clop’ cybercriminal group. I know, scary.

It essentially means anybody in your organisation could plant malware on your network, for a profit.

I’m not saying this is commonplace, but I am saying you should always try to protect yourself where possible. Have a zero-trust policy when it comes to network and data access. There is a fine line between letting people get on with their jobs easily and protecting data and assets. Too far either way and it could be problematic.

Luckily, there are many tools, guidelines and configurations available to help with this conundrum. We would recommend, as a basic starting point and bare minimum, that every business should work towards the Cyber Essentials standard. This standard is a baseline of security processes, procedures and settings, and not necessarily high-cost tools and software. It provides businesses with a strong foundation to empower their workforce to fulfil their tasks, all the while having the assurance that the business is effectively safeguarding its data and systems.

If you have any worries about the state of your IT’s security, or just want to check if you’re doing it the right way, feel free to drop us a message. We’re always happy to help.


PS: It’s worth mentioning that all of our Managed Service Clients are brought up to this standard, even if they don’t want to apply for the official certification.