In the ever-evolving landscape of cybersecurity threats, managed services providers (MSPs) are critical in safeguarding their clients' data and infrastructure. The latest instance of how your clients can be vulnerable to these cyber risks emerged recently with MOVEit, a popular software with vulnerabilities that have now impacted more than 20 million victims worldwide.
MOVEit is a widely used managed file transfer (MFT) solution. Its customers include some of the most prominent organizations in the world, as well as some government organizations. Victims of the recent attack include more than 383 organizations, among them DHL, Ernst & Young, the government of Nova Scotia, the Minnesota Department of Education, and the British communications regulator, Ofcom.
The attack began in May 2023, with hackers leveraging a zero-day vulnerability in the software to inject SQL commands and access an extensive database of customers. Attackers have been tied to a Russian ransomware group and have been leveraging the vulnerability to execute ransomware attacks worldwide and cause significant damage.
As is the case with many large-scale vulnerabilities, many of those still falling victim are the ones who failed to apply security patches and updates promptly. According to a survey by the Ponemon Institute, 57 percent of attack victims claim that proactively installing an available patch could have prevented their breach. This underscores the fact that, although the organization may not be at fault for the impact, such measures could provide significant protection. Progress Software, which makes MOVEit, released a patch in June that companies can use to secure their organizations.
As an MSP, you can play an important role in mitigating the risk from these vulnerabilities to your clients, as well as helping build a comprehensive vulnerability management strategy to protect the organization more broadly. The first step is getting visibility into which customers are potentially impacted. You need to determine which customers are leveraging this software and, therefore, may be vulnerable without the correct patch mitigation.
Once you understand which of your customers are vulnerable, you can help them use the software to implement the correct patches and monitor for any signs of potential attack. Additionally, you can help implement further security protections, such as enforcing strong access controls, which limit user permissions to only what is necessary for their roles, and regularly review and audit access privileges to ensure that users have the minimum access required to perform their tasks. In addition, adopting strong security tools such as multi-factor authentication (MFA) significantly enhances security by adding an extra layer of protection, making it harder for attackers to compromise user accounts.
Even for customers that may not have this specific software implemented, you can use this widespread global cybersecurity incident as a reason to check in and start a conversation on how to advance cybersecurity strategies more broadly across their organization so they aren’t impacted by any future incidents. Implementing a strict patch management process will minimize the window of opportunity for threat actors and reduce the risk of a data breach. Additionally, you can help implement security precautions such as encryption, multi-factor authentication, network monitoring, regular security awareness training, and more. Furthermore, as an MSP, you should regularly monitor vendor updates and security advisories.
The recent MOVEit-related breaches are a stark reminder of the relentless and ever-evolving cybersecurity landscape. MSPs must recognize their critical role in safeguarding their clients' data and infrastructure. By applying the essential takeaways from these breaches, you can significantly bolster the security of your clients' MOVEit environments and prove your value as a trusted advisor.