
Reverberations from the MOVEit Zero-Day
The recent MOVEit breach is currently affecting hundreds of organizations and millions of individuals, and these numbers continue to grow.
MOVEit is an accredited file transfer software that can meet regulatory compliance requirements such as HIPAA, PCI, GDPR, and others. Its protocol and encryption level made it a highly sought-after service. Government agencies and companies in industries that require regulation of sensitive data have been greatly impacted.
Many organizations were exposed to this breach via their third-party vendors. While they did not utilize MOVEit directly, they were affected just the same.
But as attack methods evolve, system vulnerabilities have a greater chance of being exploited.
As these larger and smarter attacks continue to emerge, it is vital for organizations to strive to make their environment’s protections foolproof.
It is also crucial to ensure that your partner organizations, and anywhere else your data is stored, are held to the same standard.
We recommend organizations choose a cybersecurity framework to comply with to guide their security initiatives. The cybersecurity frameworks we most commonly see are the NIST CSF, NIST 800-171, HITRUST and ISO 27001. Microsoft has also developed a Zero Trust Model that encapsulates the principles: Never Trust, Always Verify, Implement Least Privilege, and Assume Breach.
Layer 8 Security offers a Security Architecture Review and Workshop to support Zero Trust Architecture and prevent the need for reactionary security processes.
Preparation is key, and we are ready to get you there.