Page 141 - Cyber Defense eMagazine September 2023
P. 141

Can we trust our software?

            The reliance of companies on the MOVEit file transfer system to exchange highly sensitive information
            amplifies the significance of the recent hack and the security patch issue. Organisations placed their trust
            in MOVEit as a secure solution for their data transfers, making the breach in its security infrastructure
            particularly alarming. The fact that the loophole went unnoticed due to a security patch issue raises
            concerns about the effectiveness of their security practices and the thoroughness of their assessments.

            When companies entrust a third-party vendor with their sensitive data, they are entitled to expect a higher
            level of security and protection. The occurrence of a hack within a trusted system like MOVEit raises
            questions about the reliability of vendor systems and their diligence in detecting vulnerabilities.

            Organisations should engage in rigorous vendor assessments before implementing third-party software
            solutions. Evaluating the vendor's security history, conducting penetration testing of the software, and
            reviewing third-party security certifications can provide insights into the vendor's commitment to cyber
            security. Establishing clear security requirements in vendor contracts and conducting regular security
            reviews can help maintain a high standard of cyber security across all vendor relationships.




            The time to act is now

            This unfortunate incident also underscores the need for organisations, regardless of their size, to prioritise
            cyber security. Investing in advanced threat detection and prevention technologies, employing regular
            employee training programmes, implementing robust access controls, and conducting regular security
            audits are vital steps to defend against evolving cyber threats.

            The recent wave of vendor-related cyber-attacks serves as a wakeup call for organisations to fortify their
            cyber  security  measures.  Through  comprehensive  and  frequent  security  assessments,  and  stronger
            access controls, businesses can bolster their resilience against cyber threats. Collaborating with vendors
            and actively engaging in risk assessments can enhance the overall security posture. By assuming greater
            ownership of their cyber security, organisations can protect sensitive data, preserve customer trust, and
            ensure a safer digital future. The collaboration between businesses and cyber security experts is crucial
            in combating the growing menace of cyber-attacks and securing the digital landscape for all.



            About the Author

            Jack Viljoen is Head of Prodinity Cyber Solutions.

            Jack  can  be  reached  via  email,  on  LinkedIn,  and  at  our  company  website:
            www.prodinity.com











            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          141
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   136   137   138   139   140   141   142   143   144   145   146