Extract from Epiq’s article “Move it or Lose it – With Cyber Breach Response, Time is of the Essence”
There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a few. Once a cyber security incident results in a data breach, reaching those affected needs to be done quickly, thoroughly, precisely, and reliably. Oftentimes large-scale outreach to large groups in short windows of time is necessary to maintain proper compliance and limit liability exposure.
In addition to internal breach risks, organizations cannot discount the potential for an outside event to enter their environments and wreak havoc. Certain events can cause widespread attacks that quickly place a large number of organizations at risk. A prime example is the MOVEit hack that began in May 2023 that many are still reeling from. Understanding the effects that widespread hacks can cause and the best resources to tap into if one occurs is critical. Let’s digest the MOVEit breach as an illustration.
The MOVEit Breach
What happened with MOVEit is an example of how a small vulnerability can quickly turn into a disaster that highly increases litigation exposure. This accredited transfer file management program developed by Progress Software experienced a devastating breach. Many organizations used it for sensitive data transfers, as it met high regulatory standards. A zero-day vulnerability in both the on-prem and cloud environments emerged that no one was equipped to handle. Threat actors were able to gain access to customer accounts. There was no immediate patch available, rendering containment and mitigation extremely difficult. More vulnerabilities have also sprung up along the way.