DEV Community

Nuk for GuardRails

What Business Owners Can Learn from Prudential Malaysia Breach (MOVEit)

What happened?

Prudential Malaysia confirmed that two of its local subsidiaries, Prudential Assurance Malaysia Bhd (PAMB) and Prudential BSN Takaful Bhd (PruBSN), have been affected by a cybersecurity attack that exploited the MOVEit zero-day vulnerability.

What is “MOVEit”?

MOVEit Transfer is secure Managed File Transfer (MFT) software that allows the exchange of files and data between servers, systems, applications, and users within and between organizations.

A zero-day vulnerability affecting MOVEit Transfer (a critical SQL injection vulnerability) has been exploited to hack organizations and steal their data.

How many people were affected?

It is very likely that personal agent and customer data is affected, which may include name, contact number, national identification number, bank account, and/or partial credit card information. The risk of unauthorized transactions is reduced as only partial credit card information is included.

What did they do right?

To its credit, Prudential Malaysia responded swiftly.

Prudential said it took action to isolate the affected server as soon as it became aware of the data breach. The company gave assurances that its businesses remain fully operational and that its customer operations are unaffected by the attack.

According to Prudential Malaysia, immediate steps are being taken to notify impacted customers and provide appropriate support, including a dedicated hotline with extended hours. Aside from that, Prudential Malaysia is committed to constantly reviewing and updating its defense systems.

What lessons can we learn and apply?

Even with DevSecOps practices in place, supply chain vulnerabilities can still pose a significant threat to organizations. The software supply chain involves various stakeholders, including third-party vendors who provide components, libraries, and other software modules. Attackers can exploit any vulnerability in these components to gain access to an organization’s system, steal sensitive data, or disrupt services.

Therefore, it is crucial to have a comprehensive supply chain security program that includes risk assessments, vendor management, and continuous monitoring of the supply chain. In the context of Prudential, perhaps the organization should have been more aware of any vulnerabilities in its third-party applications and girded itself against them.

As companies become increasingly reliant on technology, they also become more vulnerable to cyber attacks. Cybersecurity threats can damage a company’s reputation, disrupt its operations, and cause financial losses. Therefore, it is essential for businesses to identify potential cybersecurity risks, develop a robust cybersecurity strategy, and implement security measures that can protect their assets and data.
