Staying Secure: Recent Security Breaches and Essential Prevention Strategies
The increasing reliance on digital technologies has led to the increased frequency of security breaches. Recent incidents have highlighted vulnerabilities across several industries, emphasizing the importance of robust cybersecurity measures. Here, we examine some notable security breaches that have recently made headlines, detailing the “how” and the responses taken to mitigate future risks.
Microsoft Azure and Executive Accounts
In a significant cyberattack on Microsoft Azure in January 2024, hackers exposed the accounts of hundreds of Microsoft senior executives to unauthorized access, with the use of phishing attacks and malicious links. The attackers used a password spray attack to break into the accounts, which is when an attacker tries several passwords across multiple user accounts to avoid detection systems. This breach allowed unauthorized access to Microsoft email accounts, leading to the exfiltration of sensitive emails and attached documents. The attackers also targeted source code and infrastructure, emphasizing the importance of heightened vigilance against sophisticated phishing tactics.
One extremely effective way to ward against this type of attack is to create strong passwords and change them regularly to prevent them from being hacked, as well as using multi-factor authentication.
Bank of America Third-Party Data Breach
Attackers understand that large banks have robust cybersecurity measures to protect their networks. However, many third parties lack similar resources and may not yet prioritize cybersecurity education or infrastructure. This makes them more likely to be targets for cybercriminals seeking vulnerabilities to exploit when sharing data with major institutions. This incident underscores the critical need for financial institutions to strengthen third-party vendor security protocols and ensure robust data protection measures.
The ransomware group LockBit orchestrated a breach targeting Bank of America in February 2024 via its third-party vendor, Infosys McCamish. Personal information—including names, Social Security numbers, and account details of over 57,000 individuals—was compromised.
Ascension Ransomware Attack
Such attacks necessitate comprehensive cybersecurity strategies to safeguard critical healthcare infrastructure and ensure uninterrupted patient care. Moreover, ensuring robust disaster recovery plans and reliable backups can get services back on track faster, which is particularly crucial for healthcare systems, because extended delay can directly impact patient care and safety.
Ascension, the owner of 15 hospitals in Michigan, fell victim to a ransomware attack in May 2024 that disrupted electronic health records systems, phone systems, and scheduling processes. Non-emergency procedures and appointments were suspended, highlighting the operational impact of cybersecurity incidents on healthcare services.
New York City Metropolitan Transportation Authority (MTA) Cyberattack
In 2020, research showed that municipalities, which are already vulnerable targets for cybercrime, faced 44% of global ransomware attacks—equating to approximately 133,496,000 incidents. An April 2021 cyberattack on the New York City Metropolitan Transportation Authority (MTA) compromised 18 systems, including those controlling train operations and safety mechanisms. This breach posed serious implications for public safety and operational continuity.
Following the attack, MTA swiftly implemented federally recommended security enhancements and mandated password changes and VPN switches for employees and contractors, illustrating proactive steps to fortify cybersecurity defenses.
Moving Forward: Prevention Procedures
Preventing security breaches requires a multi-faceted approach that empowers teams and safeguards organizational assets. Regular training sessions are essential to educate employees on identifying phishing emails, creating robust passwords, and understanding the importance of safeguarding sensitive information. This measure ensures everyone understands their role in preventing data breaches.
Strengthening asset management through classification, organization, automation, and continuous monitoring helps maintain an up-to-date inventory, facilitating informed decision-making and enhancing troubleshooting capabilities. Effective management and monitoring of access rights, supported by IAM, routine account audits, SSO, and multi-factor authentication, are also critical for ensuring only authorized personnel have access to certain resources.
Another strategy to prevent security breaches is implementing robust firewalls and antivirus software services, which can serve as the frontline defense against malicious threats. Regular updates to these defenses are crucial to identifying and addressing vulnerabilities promptly. Additionally, implementing automated data backup systems across multiple locations provides a safety net against data loss and physical damage, ensuring business continuity even in the face of unforeseen incidents. By integrating these preventive measures into comprehensive cybersecurity strategies, organizations can effectively mitigate risks and protect sensitive information from increasingly sophisticated cyber threats.
At Aunalytics, we are committed to preventing security breaches—protecting customer data is our top priority. We adhere to stringent security protocols, including regular employee training, robust encryption measures, and continuous monitoring of access controls. Our goal is to ensure our clients are utilizing the latest security technologies and best practices to stay protected, while having the right backup and disaster recovery strategies in place to get their businesses back up and running as quickly as possible in the event of a cyber event or disaster scenario.
The Key to Data-Driven Success for Mid-market Companies Starts Here
The Key to Data-Driven Success for Mid-Market Companies Starts Here
What’s the #1 pain point for IT professionals? According to the business knowledge resource Insights for Professionals, it’s data center management. With this reality in mind, the foundation of digital transformation success for a data-driven business must begin at the data center level, where servers store your data, CPUs power your computations, and your systems are ideally kept stable, operational, and secure for all users, including those accessing company systems and data from multiple remote locations. Competitive mid-market companies rely on data center engineers who specialize in uptime by proactively preventing downtime, as well as connectivity, storage, security, and monitoring.
Effectively managing data to support accessibility and security requires consistent monitoring and up-to-date solutions. Yet the latest research shows that investing in on-premise infrastructure for data management, compliance, and analytics is too pricey for most mid-market companies — and from the view of many IT directors, on-premise solutions have already morphed into old relics. In 2022, Insights for Professionals reported that nearly two-thirds (63 percent) of senior IT leaders and company executives aren’t planning to attempt to maintain servers on-premise. Instead, the majority of leaders surveyed plan to invest in cloud infrastructure as a service.
Moving into the Future
In short, entire businesses are migrating to the cloud, not just the technology. The infinite growth of data, applications, connections, and workloads will only further exacerbate businesses’ ability to adapt to new lines of business applications and platforms, meet security and governance requirements, and seamlessly orchestrate and analyze data for business outcomes. As a result, a growing number of mid-market companies are recognizing the value of working with partners to transition storage, computing, backup, and hosting services to cloud-based platforms to leverage the scale and compute power they can provide.
Gartner reports that by 2025, the vast majority — 85 percent — of enterprises will have already shifted over to a cloud-first approach. How did this changing of the guard occur so quickly? According to Gartner, it can be traced in part to the COVID-19 pandemic, which has accelerated cloud adoption since 2020, ushering it in as the “de facto new normal.” Gartner analysts including Gregor Petri even go so far as to state that “enterprise architecture and technology leaders should reject any new product that does not follow ‘cloud first’ as a guiding principle.”
Mid-Market Essentials
There are solid reasons behind mid-market businesses moving their data out of on-premise environments, particularly due to the efficiencies obtained from cloud-based business applications in multi-cloud and hybrid environments. This brings us back to data center vendors, who must then be ready to absorb the responsibility and cost of infrastructure capital expenses and maintenance — and it looks like many are already prepared to do so. In 2022 alone, nearly one-third (32 percent) of those surveyed by Insights for Professionals were planning to invest heavily in cloud management, to the tune of $500,000, while nearly 30 percent plan to spend even more. The largest part of this cloud management investment is being channeled toward security, with enterprises intending to spend 82 percent of this budget on data protection.
This is not a passing trend and is expected to have long-term consequences for purchase decisions in mid-market companies. By 2023, as scalability and cohesive cloud ecosystems join the ranks among the top three buying considerations for IT, Gartner anticipates that cloud architects will become key stakeholders when choosing tools for analytics and business intelligence. Here’s another surprising statistic to show the direction we’re heading in: while hyper-scale cloud providers (hyper-scalers) delivered and managed less than 1 percent of installed edge computing platforms in 2020, Gartner predicts this number to balloon to 20 percent by the end of 2023.
Different Needs for Mid-Market Players
There’s a catch, though, about hyper-scalers: most are not built for the mid-market. Therefore, mid-market companies won’t be able to reap the maximum benefit from the ability of traditional hyper-scale cloud providers to bring global business solutions, outsourcing, and consulting capabilities that can help other types of organizations migrate to, adopt, and build cloud-native offerings. It’s true that traditional hyper-scalers excel in leveraging the expertise of their cloud professionals to consult for platform re-architecture, application development, data migration, and transitioning services from technology stacks into macro- and microservices hosted in a data center on-premise, private cloud, public cloud (or any multi-cloud or hybrid combination thereof) — but not generally for mid-market companies.
Let’s drill down into some specific problems for mid-market players around hyper-scale cloud providers:
- It can be cost-prohibitive to obtain the level of help that most mid-market companies require, since most hyper-scalers are priced for large enterprises. Mid-market companies tend to need “white glove” services, which carry the highest price tag.
- Greater needs. Enterprises are more likely to already have in-house teams with the necessary skillsets to work with traditional hyper-scalers, compared to mid-market businesses that often have higher needs for expert help.
- No data analytics. While many enterprise hyper-scalers help migrate data to third-party cloud vendor platforms, their services end there, as they don’t offer data analytics.
Mid-market companies need technical experts to help build solutions on a mid-market budget — specifically, they require a hyper-scaler capable of providing an end-to-end solution focused on the mid-market sector. The goal in evaluating potential solutions providers should be for the cloud foundation to operate seamlessly with end-to-end data management and analytics solutions. With an end-to-end solution, mid-market businesses have the opportunity to obtain the results they desire without wasting time on a “Frankenstein” approach, assembling parts and pieces of multiple technologies and tools in an attempt to construct a reliable system that actually works. It’s only by going the end-to-end route that mid-market companies can receive the greater level of assistance they need on the technology front, as well as benefit from the robust data and analytics skillsets necessary to achieve meaningful business outcomes, without paying enterprise prices.
