Navigating the MeridianLink Attack: Lessons in Data Security

By Harry Anderson

When you think about the worst-case scenario for a data breach, the recent MeridianLink attack is a prime example. I had the opportunity to sit down with cybersecurity expert Paul Mitchell, whose insights into the incident provide a roadmap for better handling such crises.

Paul recounted, “It was November 7 when MeridianLink first got the ominous message from the ransomware group BlackCat, also known as AlphV. The hackers had stolen unencrypted data and threatened to leak it if the ransom went unpaid. MeridianLink didn’t respond, and things quickly escalated. The hackers reported the breach to the Securities and Exchange Commission (SEC) themselves, a move that’s almost unheard of.”

The hackers’ bold step of notifying the SEC worsened MeridianLink’s predicament: it put the company’s reputation on the line and highlighted the urgent need for regulatory compliance. “This incident serves as a stark reminder,” Paul noted, “that proactive steps and embracing transparency are critical to mitigating the impact of a data breach.”

Paul emphasized the importance of preparation. “Addressing and preparing for data breaches should be a top priority for any company, especially those in regulated industries like financial services and healthcare,” he explained. “According to IBM, the average data breach cost is now $4.45 million, a number that should catch the attention of any corporate decision-maker.”

Paul outlined several proactive measures companies should take:

1. Back Up Data Regularly: “Before an attack occurs, a robust data backup plan should be in place. If compromised data is encrypted and unusable to attackers, backup data can help restore normality quickly. Companies should regularly conduct restoration tests to ensure the process is as smooth as possible.”

2. Respond to an Attack Quickly: “As soon as you become aware of an attack, mobilize your incident response team. Gather all pertinent information and notify applicable agencies, along with affected consumers and stakeholders. Time is of the essence, and the business continuity and disaster recovery (BCDR) plan should start with a checklist for communication and roles/responsibilities.”

3. Contact Appropriate Regulatory Agencies: “As evidenced in the MeridianLink breach, reporting breaches to regulatory agencies is necessary. The SEC, Federal Trade Commission (FTC), and the U.S. Department of Health and Human Services (HHS) have little to no tolerance for organizations that try to hide a breach.”

4. Double Down on Encryption: “Data encryption is a mission-critical protection method. Companies need to have a series of safeguards to lower the risk of an attack. Encryption serves as a proven line of defense to neutralize the damage. Cybercriminals themselves use it, which underscores its effectiveness.”

Paul also highlighted the role of BYOK (Bring Your Own Key) services. “Many cloud providers now offer BYOK services, allowing organizations to manage their encryption keys. Not even cloud database administrators can access these keys, making it almost impossible for attackers to gain access.”

In closing, Paul stressed, “Data breaches are growing more prevalent and sophisticated. Companies must make every effort to minimize the impact of an attack. Attempting to mitigate the damage flat-footed—and even worse, responding without transparency—is a recipe for financial and ethical disaster. Employing best-in-class preparation and defense tactics, like encryption, positions companies to show their customers and regulators that they take threats seriously and will do everything they can to protect them.”

Paul’s insights serve as a valuable guide for companies navigating the complex landscape of data security. The MeridianLink attack underscores the pressing need for preparation, quick response, and unwavering transparency.
