Important Lessons From the MOVEit Hack

Important Lessons From the MOVEit Hack

By Joel Bruckenstein

About two weeks ago it was widely reported that two major financial services firms, Genworth and Jackson National, suffered data breaches due to a MOVEit hack. MOVEit is a software used to transfer large data files. In the case of these two firms, a vendor of theirs, PBI Research Services, used MOVEit, leading to the exposure of confidential client data. PBI is a third-party vendor used by Genworth and Jackson National in scanning social security data to determine whether a policyholder may have passed and triggered death benefits under a life insurance policy or annuity contract. 

The two firms mentioned above are not the only ones that were impacted by MOVEit. Over 1,700 firms and government agencies use MOVEit.

While any data breach involving client data is disturbing, the actions of both financial services firms to quickly identify the issue, notify all relevant parties and remediate the breach are actually indications of strong cyber policies according to Brian Edelman, the CEO of FCI Cyber, nationally recognized expert specializing in Cybersecurity Protection and Compliance.

“Every financial services firm should have a Mass Vulnerability Response plan in place, says Edelman. The fact that Genworth and Jackson National responded quickly and appropriately indicates that they both had strong programs”.

Edelman believes that a significant number of financial services firms have exposure to MOVEit. The fact that so many have not made any statement of exposure suggests to him that there may still be vulnerabilities out there.

“I would suggest that every advisory firm have their designated security officer reach out to their vendors to inquire whether or not they have been impacted by the MOVEit vulnerability”, Edelman says.

So, what lessons can we learn from this situation? The first one is somewhat
counterintuitive: The firms that made the initial headlines, Genworth and Jackson National, demonstrated that they had strong policies in place that allowed them to respond rapidly and appropriately. The second is that the financial services industry needs to take further actions to better protect client data in the future. Firms that do not have a robust Mass Vulnerability Response plan need to improve their readiness, because other vulnerabilities are likely to occur in the future, and we need to be better prepared for them.

Joel Bruckenstein
Joel Bruckenstein
Joel P. Bruckenstein, CFP®, is Publisher of the T3 Tech Hub (formerly the T3 newsletter) and the producer of the Technology Tools for Today (T3) Advisor Conference, the only annual technology conference for independent advisors, as well as the Technology Tools for Today (T3) Enterprise Conference. He also hosts other technology summits in partnership with thought leaders in the financial services industry (e.g., Brian Hamburger of MarketCounsel) and his own by-invitation-only fintech summit every summer. In 2020, Bruckenstein will produce for the first time a new one-day intensive called T3 Cyber University. Bruckenstein is an internationally acclaimed expert on applied technology as it relates to the financial service industry. He is the co-author of three books: Virtual Office Tools for a High Margin Practice, Tools and Techniques of Practice Management, and Technology Tools for Today’s High Margin Practice. Bruckenstein’s monthly technology columns appeared in Financial Advisor magazine and Financial Planning magazine for many years. In addition, he works in tandem with industry influential Bob Veres, publisher of Inside Information, to produce an annual technology survey for the financial planning community. Bruckenstein accepted the fifth annual Leadership Award bestowed by Bob Veres' Insider's Forum, a conference that brings together the leading figures of the financial planning profession during a main stage presentation at the Insider's Forum held September 6-8, 2017 in Nashville, TN. Bruckenstein has for more than twenty years advised financial service firms of all sizes on improving their technologies, processes and workflows. For more information about Joel Bruckenstein and the services his firm offers, please visit www.JoelBruckenstein.com.

Comments are closed.