
Top Security Breaches of 2024: A Year in Review (Part 1)

Hao

Updated: Feb 15

As we look back at 2024, it’s clear that the cybersecurity landscape has been more challenging than ever. Here, we highlight some of the top breaches of 2024 and the lessons we can learn from them.


National Public Data Breach

National Public Data, a data broker providing online background checks, experienced one of the most significant breaches of the year. The breach exposed the names, Social Security numbers, phone numbers, and addresses of millions of people. The investigation revealed that passwords were stored in plain text, a serious security lapse.


Snowflake Data Breach

Snowflake is a cloud data platform used by many notable companies. In mid-2024, it experienced a series of breaches in which compromised credentials were used to steal data from multiple companies. AT&T, Ticketmaster and Santander Bank were among the victims. Reports suggest that poor authentication mechanisms were at the root of the breach. Snowflake provides the infrastructure and security measures to protect data stored on its platform. However, it did not enforce multi-factor authentication (MFA) by default.


Windows Outage

On the 19th of July, a faulty update to CrowdStrike's Falcon Sensor security software caused a significant outage, crashing millions of Windows devices globally. The incident disrupted various sectors, including airlines and airports. Thousands of flights were cancelled and countless travelers were stranded at airports, with some facing delays and cancellations for several days. This highlights the importance of rigorous testing and validation of updates before deployment to prevent widespread disruptions.



Lessons Learned

Proactive measures are essential to prevent data breaches. Organizations and individuals alike should adopt robust security practices, including:


Implement Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring additional identification beyond just a password. This step, although simple, significantly reduces the risk of unauthorized access.
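The sketch below is an added example, not code from any of the companies discussed. It ties together the plain-text password finding above and the MFA lesson: the account record holds only a salted PBKDF2 hash, and login also requires an RFC 6238 time-based one-time code. The record layout, function names and work factor are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your hardware

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def enroll(password: str, totp_secret: bytes) -> dict:
    """Build the stored account record (hypothetical layout)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret}

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password using HMAC-SHA1."""
    counter = struct.pack(">Q", max(int(at) // step, 0))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def check_totp(secret: bytes, submitted: str, at: float,
               step: int = 30, window: int = 1) -> bool:
    """Accept the current time step and its neighbours to absorb clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * step, step)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def login(record: dict, password: str, code: str, at: float) -> bool:
    """Both factors are always evaluated; either one failing denies access."""
    candidate = hash_password(password, record["salt"])
    pw_ok = hmac.compare_digest(candidate, record["pw_hash"])
    otp_ok = check_totp(record["totp_secret"], code, at)
    return pw_ok and otp_ok

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample (RFC 6238 test key)
    account = enroll("correct horse battery staple", secret)
    now = 59  # constructed timestamp, seconds since the epoch
    print(login(account, "correct horse battery staple", totp(secret, now), now))
    print(login(account, "correct horse battery staple", "000000", now))
```

A production verifier would also rate-limit attempts and reject a code that has already been accepted once.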


Data Encryption

Encrypt sensitive data both in transit and at rest. Encryption makes it difficult for unauthorized users to access readable data, even if they manage to breach a system.



Software Development Lifecycle

A software development lifecycle with checks between critical stages is essential to prevent faulty updates from being released.


Employee Training

Human error is a significant factor in many data breaches. Conduct regular training sessions to educate employees on recognizing phishing attacks and safeguarding sensitive data. A well-informed team can act as the first line of defense.


Supplier Qualification

Assess your suppliers to ensure they align with your business needs, and set up agreements that clearly outline each party's responsibilities.


