The MOVEit transfer event and the corresponding impact
culture
Inclusion and Diversity
Corporate Social Responsibility
Team BRIT
Environmental, Social & Governance
Insurance
accident and health
casualty
public and products liability
employers liability
environmental liability
contingency
event cancellation
non appearance
film
prize indemnity
cyber
cpr
xdr
bcap industrial
xdr pro tech
first50
cyber claims
delegated authority
commercial property
flood
financial property
homeowners
small commercial general liability
directors & officers
energy
Renewable Energy
e-trading
financial institutions
fine art and specie
healthcare liability
marine
cargo
hull and marine war
keel
marine and energy liability
political risk trade credit
political violence / terrorism
political violence/london
private client
home
motor
travel
professional liability
small north american liabilty
north american professional liability london
programs
property
north american open market property
international property
uk property
transportation
Reinsurance
casualty treaty
international casualty treaty/london
north america casualty treaty/london
casualty treaty bermuda
property treaty
property treaty
property treaty bermuda
Claims
Claims Philosophy
Claims Innovation
Cyber Claims
industries
aerospace
aquaculture, equine and livestock
architects and engineers
commercial
construction
consumer goods
education
energy
events & entertainment
farming and agriculture
financial services
healthcare
municipalities
personal lines
professional services
real estate
religious and not-for-profit
retail
technology
transportation
utilities and industrial
careers
Why join Brit?
Why work in Insurance?
our business areas - speaking for ourselves
business area - actuarial
business area - claims
business area - finance
business area - internal audit
business area - operations
business area - risk
news
Brit Group
Brit Global specialty
Brit Re
Brit India
Camargue
financials and governance
Financials
Governance
executive & board
Risk
History of Brit
Working with FinTechs and InsurTechs
Fair Value Assessments
brokers and coverholders
leadership
innovation
contact
Complaints
Privacy Notice
Modern Slavery
Terms and Conditions
The latest from Brit

Brit Re

Brit appoints Jonathan Stephenson to lead Bermuda expansion

find out more

news

find out more
Gettyimages 1347494197

news

Given recent events with regards to the MOVEit transfer application being compromised at scale by the Cl0P ransomware group, we have collected several viewpoints and perspectives that we have seen from subject matter experts and events that have been reported in the press.

Vendor Security

The MOVEit event has affected organisations both large and small, and it has thrown up the need for stringent oversight of what data is being shared where, and what vendors have access to this.

Companies need to consider how the vendors they are using could impact their organisation both directly and indirectly:

  • Directly – using a service without performing due diligence on the security controls in place.
  • In-directly – companies need to ask where vendors are holding their data and if this is in a secure manner.

 

Data Management

Data is one of an organisation’s most important assets, as a result a robust data risk management strategy should be in place. An organisation should have visibility of:

  1. What data it has
  2. The criticality of this data
  3. Where it is stored
  4. Who has access to it
  5. What protection is in place over this data

Questions that an organisation should be asking themselves include:

  1. Has the data been assessed by the business for criticality and has this fed into a Business Impact Assessment?
  2. Has a review been performed of what data needs to be retained to maintain business operations?
  3. Does the organisation have visibility of where data is being held by third parties and what protection is in place?
Gettyimages 1462653119

Patch Management

While the CVE scoring system helps indicate what patches are critical and what are not, there is a business lens need to be applied to this. Applications that are holding sensitive data need to be prioritised especially if they are visible externally. Organisations should have a formal process for ingesting patches from vendors.

Network Monitoring

Organisations should not rely on vendors to provide secure products – additional monitoring should be put around an application, especially if it is related to other systems. Monitoring in front of filesharing tools is a must. In the event of a suspected incident, network monitoring data should be used to validate any IoCs (Indicators of Compromise) provided by the vendor.

As part of a well-managed detective capability, logs should be consumed from a variety of sources. File sharing applications are no exception to this, and this should be layered with network monitoring in the event the application is compromised, and the logs do not reflect the malicious activity.

 

Evolving Threat Actors – patience is a virtue for now…

In recent years we have seen that threat actors are typically impatient, and the corresponding organisation is often unstructured. This is evidenced by several breakaway threat actor groups that we have seen over the past 24 months. 

In this current case CL0P (group behind MOVEit ) are more organised and there are reports that they have been testing the MOVEit transfer exploit since 2021. As a result of this, it has allowed them to exploit many organisations in short periods of time ahead of a patch being readily available.

CL0P have a track record of compromising file transfer tools, as they have been indicated to be behind the GoAnywhere and Accelion breachs in 2023 and 2021 respectively. While these tools had several clients using them, the MOVEit profile is significantly larger and therefore the number of clients impacted is greater.

Lessons learnt/What does great look like?

Based on the above and what we have observed through our market analysis and own experience, we suggest four core areas of focus, not only for the MOVEit event but going forward to ensure a robust cyber risk management approach.

  1. A mature vendor risk management programme should take input from any data inventories to ensure as much comfort as possible is gained where vendors are storing or processing data on behalf of an organisation.
  2. Ensure the five key principles of data management are being followed:
    1. What data it has
    2. The criticality of this data
    3. Where it is stored
    4. Who has access to it
    5. What protection is in place over this data
  3. Ensure that any vendor software is appropriately patched by having a clear ingestion point so that it can be classified and prioritised as needed.
  4. Network monitoring should be robust and include applications that contain critical information.

How Brit can help?

  • Swift notification via our claims app or direct to us, allows our insureds quick access to a panel of market leading incident response vendors that are able to support.
  • DataSafe email notifications on the latest threats as well as a wealth of resources and access to virtual CISO.
  • As a lead primary market within the Lloyd’s market, Brit has access to best-in-class legal counsel and threat intelligence from the private and public sector, which helps clients remain on the front foot when it comes to managing cyber events such as the MOVEit vulnerability.

£150,000,000 6.625 Per Cent. Subordinated Notes due 2030 (ISIN XS0237631097) Issued by Brit Limited and Guaranteed by Brit Insurance Holdings Limited

22-01-2025 |Brit Group
Read more

Conference Season 2025

17-12-2024
Read more

Home safety and security at Christmas time

16-12-2024 |Private Client
Read more

Ki to become standalone business within the Fairfax Group

12-12-2024
Read more

Protecting collectables and memorabilia

12-12-2024 |Private Client
Read more
London Footer White

A Fairfax Company

©2024 Brit Group Services Limited. All rights reserved.