The MOVEit cybersecurity incident, considered one of the most significant cybersecurity stories of 2023, witnessed thousands of victims globally. The vulnerability in the MOVEit managed file transfer tool, exploited by the Clop ransomware cartel, resulted in widespread disruptions. Although ransomware lockers were not deployed, the attack had far-reaching consequences, affecting between 77 and 83 million individuals across 2,588 impacted organizations.
Positive Influence on Ransomware Resilience Practices
A research study by Veeam indicates that the MOVEit incident has influenced IT decision-makers in UK companies to enhance their ransomware resilience practices. Despite the anxiety caused by the breach, it has led to positive changes in supplier balance sheets, prompting companies to take proactive measures.
Surveying the Impact: Veeam’s Findings
Six months after the MOVEit incident, Veeam commissioned a survey by Censuswide, targeting directors of UK companies with over 500 seats that had experienced a ransomware or extortion attack in the past 18 months.
Anxiety Levels and Action Taken
Increased Anxiety: The survey revealed that 24% of respondents became significantly more anxious about ransomware attacks due to the MOVEit breach, while 66% reported a slight increase in anxiety.
Translating Anxiety into Action: As a direct response to MOVEit, 42% of companies allocated additional funds to backup and recovery services, and 29% adjusted their existing cyber strategies to optimize against ransomware. Emphasis was placed on data safeguarding and recovery measures.
Financial and Security Implications
Increased Spending: The survey highlighted that 41% of respondents increased their overall spending on security, emphasizing the importance of fortifying cybersecurity measures. Additionally, 31% opted for cyber insurance policies to mitigate potential financial losses.
Investment in Staff Training: Recognizing the critical role of staff, 42% of companies planned to invest in skills development, while 40% increased their training budget to enhance cybersecurity awareness and readiness.
Changing Discourse and Building Radical Resilience
Dan Middleton, Veeam Vice-President of the UK and Ireland, emphasized that the MOVEit cyber attacks have shifted the discourse around ransomware, bringing it to the forefront of public attention. Middleton stressed the need for “radical resilience” against ransomware, urging businesses to develop comprehensive data protection and recovery strategies that go beyond basic measures.
Changing Perception among IT Leaders
Inevitability of Attacks: The survey revealed that 59% of IT leaders believed falling victim to a ransomware attack was inevitable, with the same percentage expecting multiple attacks.
Concerning Trends: Veeam highlighted the alarming trend where organizations considered ransomware attacks unavoidable while simultaneously believing it was impossible to protect against them. This perspective exposes businesses to unnecessary risks by overlooking proven data protection strategies.
Conclusion: Emphasizing Cyber Protection Strategies
Veeam concluded that, in the modern business landscape, every organization will likely face data compromise at some point. To address this reality, rapid recovery and effective control in the face of business disruption should form the foundation of robust cyber protection strategies.