1

Top 3 data breaches and how they could have been avoided

In the current threat landscape, data breaches are regularly in the news. But how can we avoid them?

As the masses get vaccinated and COVID times come to an end, cyberattacks continue to accelerate. In fact, they never stopped during the pandemic, instead, they increased.

Over the past year and a half, we have seen hundreds of recorded security events, including ransomware attacks, malware injections, and more. As organizations across industries struggle to stay a step ahead of hackers, companies must use everything at their disposal to protect their enterprise networks.

Let’s take a look at three recent data breaches and how they could have been prevented.

1. SolarWinds supply chain attack

The end of 2020 saw one of the most significant cybersecurity attacks in history, the SolarWinds supply chain attack. In this incident that was supposedly a nation-state attack, the damage was extensive and spread across the planet. However, we could have easily avoided it.

According to the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), a decade-old security recommendation could have averted it. 

How could it have been avoided?

Security audit: if companies performed regular security audits and engaged ethical hackers, they could have identified such vulnerabilities. What’s more, something as simple as installing a

firewall to block all outgoing connections to the internet would have neutralized the malware.

2. Oxford University Covid-19 lab

One of the most talked-about security events of the year was at the Oxford University, Division of Structural Biology lab that conducted research on the COVID-19 vaccine. In this incident, threat actors were able to compromise internal lab systems and gain unlimited access to coronavirus research data, biochemical sample data, and more.  

Although the university failed to disclose the scope of the data breach, it’s pretty clear that the damage is already done. In this scenario, the fallout from this cyber-attack could be the loss of intellectual property.

How could it have been avoided?

Zero-trust and device authentication: Oxford University could have stayed out of the headlines if they took a zero-trust approach and prevented unauthorized users and devices from accessing internal systems. 

In this case, they would have benefited from using a continuous authentication protocol. This is because attackers wouldn’t have been able to access lab systems, and the research would have stayed safe.

3. Microsoft Exchange Server

The recent attack on Microsoft Exchange Servers saw four zero-day bugs (which resided on-premises across multiple organizations) exploited by threat actors. In this security incident, hackers were able to compromise at least 250,000 of these servers at the beginning of the year. 

This includes servers that belonged to over 7,000 companies in the UK, leading political organizations in the Norwegian parliament, the Czech government, and the European Banking Authority. 

Hackers managed to access the network and obtain internal control. This is true for even sensitive elements like the Active Directory. In March 2021, Microsoft finally released some patches, so if you haven’t already done it, make sure to patch your servers ASAP!

How could it have been avoided?

A proactive approach to cybersecurity: it seems like this attack happened after Microsoft was made aware of the four zero-day vulnerabilities. As such, a proactive method would have helped companies stay a step ahead by keeping their finger on the pulse, going offline, or taking a zero-trust approach. 

A zero-trust approach helps prevent lateral movements and internal advancements. In this case, bad actors wouldn’t have been able to see the architecture or its components from an unauthorized device.

As we enter the second half of 2021, there’s no sign that hackers are slowing down. To secure enterprise infrastructure, companies should take a zero-trust approach, follow best practices, and stay on top of current cybersecurity trends.

However, it’s just not enough! 

Businesses must also leverage encryption technologies and hire an ethical hacking service to fortify their infrastructure. This approach provides a considerable advantage over the bad guys and keeps your brand out of the headlines.

At Artmotion, we’re passionate about cybersecurity. If you have cybersecurity issues, you can bet that we have robust solutions. To learn more, schedule a demo or sign up for a 15-day free trial.



to top