MOVEit incident spurred UK decision makers to spend big on cyber

zephyr_p – stock.adobe.com

The MOVEit cyber attacks that unfolded in the spring and summer of 2023 seem to have driven an increase in both ransomware awareness and spend, according to a report

Alex Scroxton,
Security Editor

Published: 23 Nov 2023 15:15

With thousands of known victims, the MOVEit cyber security incident has been by some measures the most significant cyber security story of 2023, but research by data protection and ransomware recovery specialist Veeam has found it may have had a positive impact, too – at least on supplier balance sheets – influencing IT decision makers across the UK to beef up their ransomware resilience practice.

Progress Software, the developers of the MOVEit managed file transfer tool, patched the issue on 31 May, but over June and July, victims mounted up around the world, as the Clop (aka Cl0p) ransomware cartel took advantage of the vulnerability to attack end-user organisations at a scale never before seen.

Even though Clop did not deploy ransomware lockers on the systems of MOVEit victims – heralding an emerging trend of cyber gangs forgoing malware in favour of a quick smash-and-grab data raid – the attacks still caused widespread disruption.

As of 23 November 2023, independent researchers estimate that 2,588 organisations have been impacted by the attacks, with the data of between 77 and 83 million individuals affected.

Nearly six months down the line, Veeam commissioned Censuswide to survey directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, and find out how the MOVEit incident had changed things on the ground.

The pollsters found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious.

However, this anxiety has also translated into action. As a direct result of MOVEit, Veeam found that 42% of respondents had put more money into backup and recovery services and solutions, and 29% had taken the decision to tweak their existing cyber strategies to optimise them against ransomware – mostly by paying more attention to data safeguarding and recovery.

The survey also found that 41% have increased their wider spending on security, and 31% have taken out a cyber insurance policy. Staff training is also creeping up the agenda, with 42% looking to spend on skills development and 40% upping their investment in training.

“MOVEit cyber attacks have changed the discourse around ransomware and thrust the issue front and centre into the public domain,” said Dan Middleton, Veeam vice-president of the UK and Ireland. “While it has sadly become an inevitability for businesses, protection is possible. Businesses need to achieve ‘radical resilience’ against ransomware by developing a data protection and ransomware recovery strategy that goes beyond the basics.

“The Veeam ransomware trends report 2023 reveals that 93% of cyber criminals target backups, so it is critical that organisations recognise that not all backup and ransomware recovery solutions are created equal, and the secret to protection lies in immutability.”

The increased spending has come alongside a shift in perception among IT leaders, with more now believing that falling victim to a ransomware attack was basically inevitable – 59% thought this and the same number thought they were also highly likely to suffer more than one attack.

Veeam said this finding exposed some troubling trends, describing it as alarming that significant numbers thought ransomware attacks were unavoidable at the same time as believing it was impossible to protect against them. This exposes businesses to “unnecessary and avoidable risk” by failing to account for data protection strategies and solutions – many of them tried and tested ones – that can prevent ransomware attacks, or at the very least mitigate the damage they do.

“It’s a fact of modern business that every organisation will have its data compromised at some point, and so the ability to rapidly recover and control the chaos in the face of business disruption has to be a foundation of their cyber protection strategies,” said the organisation.

Read more on Data breach incident management and recovery

US SEC launches probe into mass MOVEit breach