Did you know that organizations saw 6.3 trillion intrusion attempts last year? Or that 2024 will likely end with around $9.5 trillion in damages from cybercrime? Data breaches have unfortunately grown in frequency as a result, with industries that deal with sensitive information, such as healthcare, experiencing record exposure. When looking at breach sources, Gartner found that 45% of organizational cybersecurity risk came from third parties, which raises the question: how common are file transfer data breaches?
In recent years, file transfer data breaches have grown more common:
Finastra and IBM Aspera 2024 breach
Finastra, which provides software to 90% of the world’s largest banks, experienced a hack of its internal SFTP platform in late 2024 that was likely caused by a phishing attack that stole user credentials. The hacker claimed to use IBM’s Aspera platform as part of its theft, and placed the data for sale on the dark web.
Progress Software’s 2023 MOVEit breach
One of the more widely used file transfer tools, MOVEit experienced a breach from a hacking group that used a zero-day SQL injection exploit to steal data on nearly 100 million users from approximately 3,000 MOVEit customers.
Accellion 2020-2021 File Transfer Application breach
Accellion fell victim to a similar SQL injection attack that targeted a number of zero-day vulnerabilities in late 2020 and again in early 2021. This breach was smaller in scale, affecting approximately 100 organizations. In Accellion’s case, the FTA software was nearing end-of-life and had not received the hardening of newer products.
What are the impacts of file transfer data breaches?
File transfer data breaches impact an organization in a number of ways:
1. Reputation and trust
Data breaches can be catastrophic for your organization’s market trust and confidence. Customers rely on you to safeguard their data, and will quickly move to another provider if they feel that trust has been breached. 66% of consumers do not trust a company after a data breach, with one-third ceasing their business with that company.
B2B companies face a particularly acute threat due to the necessity of demonstrating regulatory and security compliance that may force them to move on from a provider. Once your organization has an insecure reputation, that trust can be impossible to restore.
2. Financial impact
The financial impact on your business and your customers cannot be overstated. The MOVEit hack’s total cost is estimated at nearly $10 billion, but that cost could rise to $65 billion if all affected companies came forward to report the full effects. And while these costs reflect business and individual attempts to recover and restore security, another, more significant concern can directly affect your organization: liability.
Progress faced 127 class-action lawsuits and notices from nearly 40 customers that they intend to seek indemnity from Progress. The costs of managing this fallout reached into the millions for Progress directly.
And while Progress is the file-transfer software provider in this case, any company that experienced a breach could find itself in the same situation.
3. Operational impact
Your organization will experience several operational impacts from a file transfer data breach:
- The need to remediate the source of the actual breach
- The requirement to review all other systems to assess the scale and impact of the breach, perform required reporting and update all other systems and policies as a result
- Communication time spent informing customers, regulators and governing authorities
- Legal operations and time spent defending or initiating litigation
- Lost time that could have been spent on other improvements
4. Societal impact
An often overlooked impact of data breaches is the societal cost. Ransomware attacks can shut down important services like hospitals and power plants. Impacts to these crucial infrastructure resources will only increase the other impacts above.
What potential threats against file transfer systems exist?
A number of threats can impact file transfer environments. In this section, we’ll dive a bit deeper into the key characteristics of specific cyber threats that can compromise these environments.
Zero-day exploit
Zero-day exploits target vulnerabilities in software code that can be used to access the software’s data and execute commands. In many cases, the software vendor may not even be aware of the code issue. And hackers who discover code issues do not always trigger immediate warnings. In the MOVEit hack, the threat actors likely spent years refining their attack after discovering the vulnerability.
Zero-day exploits are often the most dangerous because they are unknown and monitoring systems may not be configured to flag threats related to them.
How to counter zero-day exploits
Since zero-day exploits are attacks against vulnerabilities in the file transfer software itself that may not be known, the best defense against this threat is to choose a file transfer software vendor that has hardened its product with appropriate countermeasures as much as possible.
This hardening can include:
- Regular penetration testing to uncover vulnerabilities before an attacker does.
- Third-party certifications for security features like FIPS validation.
- Existence of response plans to mitigate any zero-day exploit that does occur.
Credential theft
As today’s software grows more sophisticated against intrusion, the most commonly used initial attack vector for data breaches has become credential theft — a.k.a. the use of stolen or compromised credentials, often acquired through phishing attacks. These attacks take advantage of the human capacity to make mistakes, which Stanford researchers found cause 88% of all data breaches, in order to use existing file transfer tools to remove data from an organization.
How to counter credential theft
The following best practices can help you cut the risk of credential theft:
- Train users to identify phishing attacks and avoid clicking suspicious links or attachments.
- Employ multi-factor authentication, which prevents attackers from gaining access to user accounts even if they have stolen passwords.
- Enforce a password rotation policy, which requires users to change their password after a predefined period, e.g., every 30, 60 or 90 days.
- Implement Data Loss Prevention (DLP) tools to flag and shut down the potential release of any sensitive data before it leaves your network.
Man-in-the-middle attack
Man-in-the-middle attacks involve threat actors eavesdropping on a file transfer connection to steal sensitive data. Data transfers don’t go directly from machine A to machine B. They will route through a number of other nodes along the way as your data crosses the internet, and each additional connection represents a potential security concern. A bad actor who is able to intercept your transmission may also be able to read its contents.
How to counter man-in-the-middle attacks
You can easily counter man-in-the-middle attacks by shifting from unencrypted file transfer protocols, such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP), to encrypted protocols, such as File Transfer Protocol Secure (FTPS), Secure File Transfer Protocol (SFTP) and Hypertext Transfer Protocol Secure (HTTPS).
When using encrypted transfers, be sure to set your encryption to the highest level your file transfer software supports, and ensure that your encryption keys and certificates are regularly rotated to prevent compromise of any particular keypair.
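The two checks described above, written as an added example (not part of the original article or any vendor's product): it audits a constructed inventory of transfer endpoints, flagging the unencrypted protocols named above and keys or certificates older than a rotation window. The inventory, the hostnames and the 365-day window are assumptions to replace with your own.

```python
from datetime import date
from urllib.parse import urlsplit

# Cleartext schemes named in the article, mapped to the encrypted protocols it recommends.
CLEARTEXT = {"ftp": "ftps or sftp", "http": "https"}
ENCRYPTED = {"ftps", "sftp", "https"}
MAX_KEY_AGE_DAYS = 365  # assumed rotation window; set this to your own policy


def audit_endpoint(url, key_issued, today):
    """Return a list of findings for one transfer endpoint (empty if none)."""
    findings = []
    scheme = urlsplit(url).scheme  # urlsplit lowercases the scheme
    if scheme in CLEARTEXT:
        findings.append(f"cleartext {scheme}: move to {CLEARTEXT[scheme]}")
    elif scheme not in ENCRYPTED:
        findings.append(f"unrecognised scheme {scheme!r}: review manually")
    elif key_issued is None:
        # An encrypted endpoint with no recorded issue date cannot be
        # checked against the rotation policy, so report that gap.
        findings.append("no key or certificate issue date recorded")
    else:
        age = (today - key_issued).days
        if age > MAX_KEY_AGE_DAYS:
            findings.append(f"key or certificate is {age} days old: rotate")
    return findings


def audit_inventory(inventory, today):
    """Map each endpoint URL that has at least one finding to its findings."""
    report = {}
    for url, key_issued in inventory:
        findings = audit_endpoint(url, key_issued, today)
        if findings:
            report[url] = findings
    return report


# Constructed sample inventory: (endpoint URL, date its key or certificate was issued).
SAMPLE = [
    ("ftp://files.example.com/outbound", None),
    ("sftp://transfer.example.com/payroll", date(2022, 1, 10)),
    ("https://api.example.com/upload", date(2024, 9, 1)),
    ("http://legacy.example.com/reports", None),
    ("ftps://partner.example.net/in", None),
]

if __name__ == "__main__":
    for url, findings in audit_inventory(SAMPLE, date(2024, 12, 1)).items():
        print(url, "->", "; ".join(findings))
```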
What is the best mitigation for file transfer security risks?
While it’s impossible to fully eliminate risk in today’s data environment, your choice of file transfer application will go a long way. The extensive security features of MFT solutions like JSCAPE by Redwood or secure file transfer tools like Cerberus by Redwood ensure that your file transfer workflows and sensitive data will be as secure as possible from cyber risks. These tools are subject to regular third-party penetration testing, have extensive third-party security validations and operate with extreme vigilance to any potential data intrusion.
If you’d like to know more about how to identify hidden risks in your file transfer environment, download our guide to securing file transfer today to protect your data.