A recent rash of ransomware attacks is revealing that many enterprises suffer from a real weakness – one they don’t realize until it’s too late. And unfortunately, it reaches much further up the ladder than the IT department. I’d like to share some thoughts on what is happening and how modern enterprises got here, as well as advice on a path forward to more secure file transfers.
Ransomware attacks targeting third-party file transfer solutions are multiplying
Businesses exchange files every day with other organizations, and these files contain sensitive customer information and business-critical data. Virtually every enterprise uses some sort of file transfer software to do this, like SFTP or Managed File Transfer.
Recent ransomware attacks – which are still ongoing – are exploiting legacy file transfer solutions: a humbling reminder that anybody could be the next target. We’ve learned that even CEOs of large enterprises can be surprised at how vulnerable they are to these types of exploits – or may not even know they are running such a file transfer solution.
Ransomware groups – you may have heard the name Cl0p – hit government agencies and large organizations, from media and banks to petroleum and education, and we’ll probably never know the full extent of the impact.
The software providers affected have released security patches, but many companies are still doing damage control on their reputations. Now, we’re even seeing the start of class-action lawsuits.
Now is not the moment to breathe a sigh of relief – cyberanalysts say this is likely just the tip of the iceberg. It’s time to reevaluate your file transfer needs and make sure you’re securing your back door.
Why is this happening?
This newer trend of attacking the “middleman” is effective in part because it takes advantage of some weak spots in the modern supply chain. Without engaging in talk of the complicated geopolitical context, I see the news of ongoing hacks as evidence of an underlying issue.
Many organizations are running outdated systems, with solutions that have been around for decades. What often happens is that no one is looking at them very closely – they were plugged in 15 years ago and have been working ever since.
These file transfer ecosystems are sometimes constructed in a very ad hoc fashion, perhaps for a specific purpose, in a one-off manner where speed was the priority. But in an increasingly complex world with sprawling B2B ecosystems, these ad hoc solutions open the door to significant vulnerabilities.
To put it bluntly: less expensive Managed File Transfer (MFT) solutions might be simpler, but they also tend to have gaps and foundational limitations in the way their security was architected.
A lightweight solution could open up your enterprise to serious risk, which will affect much more than your technology stack: it could impact the company’s reputation and cost millions of dollars.
At Axway, we’ve built a reputation for enterprise-grade solutions and security that’s built into our solutions from the ground up. In two decades of leadership and innovation in managed file transfer solutions across industries, we have supported numerous Fortune 500 brands and government entities without a single security incident.
We’re here to help guide you in keeping these essential processes going – while making sure the data stays safe.
What should enterprises do to bolster MFT security?
The path forward in the industry is to embrace Zero Trust principles, while evaluating your current practices.
Naturally, if you’re currently at risk or have already been breached, it’s crucial to apply any existing patches and needed updates. But it’s also time to rethink your “utilities,” so to speak.
We’ve learned that MFT security is a core value: if data is important to running your business, then how it is transferred, shared, and protected needs to be foundational – because it can easily become the next attack vector.
In July, 400 organizations had confirmed that Cl0p obtained their data. At last count, we’re looking at 20 million individuals’ details stolen. Now more than ever, you should be looking at more modern approaches to data management.
A proven partner will help maintain trust throughout your ecosystem
It’s important to understand that if your MFT fails, it’s not just the CIO or the MFT manager that’s going to lose their job. We’ve learned of CEOs who were forced to resign because of these breaches. Regardless of who’s at fault for a given breach, there will be a significant erosion of trust.
Enterprises need to work with a vendor who will be a true partner, one that continues to invest in R&D to improve and secure their MFT technology. One with a proven track record of the highest security levels.
Axway takes security to the next level. We’re the only enterprise-grade leader truly dedicated to MFT left in the world. Our commitment to security, both in terms of culture and process, means we can offer SLA options up to 99.99% availability and follow-the-sun support.
You need an MFT vendor that will partner with you 24/7/365, who’s here to secure your business in the long run. Let’s start a conversation.