As we look back at 2024, it’s clear that the cybersecurity landscape has been more challenging than ever. Here, we highlight some of the top breaches of 2024 and the lessons we can learn from them.
National Public Data breach
The National Public Data, a data broker providing online background checks, experienced one of the most significant breaches of the year. This breach exposed the names, social security numbers, phone numbers and addresses of millions of people. The investigation revealed that passwords were stored in plain text form, highlighting an important security lapse.
Snowflake data breach
Snowflake is a Cloud data platform used by many notable companies. In mid-2024, it experienced a series of breaches involving the theft of data from multiple companies using compromised credentials. AT&T, Ticketmaster and Santander Bank were part of the list of victims. Reports suggest that poor authentication mechanisms were at the root of the breach. Snowflake provides the infrastructure and security measures to protect data stored on its platform. However, it did not enforce multi-factor authentication (MFA) by default.
Windows outage
On 19 July, a faulty update to CrowdStrike’s Falcon Sensor security software caused a significant outage, crashing over millions of Windows devices globally. This incident disrupted various sectors, among them airlines and airports. Thousands of flights were cancelled and countless travellers stranded at airports, with some facing delays and cancellations for several days. This highlights the importance of rigorous testing and validation of updates before deployment to prevent widespread disruptions.
Lessons learned
Proactive measures are essential to prevent data breaches. Organisations and individuals alike should adopt robust security practices, including:
- Implement multi-factor authentication (MFA): MFA adds an extra layer of security by requiring additional identification beyond just a password. This step, although simple, significantly reduces the risk of unauthorised access.
- Data encryption: Encrypt sensitive data both in transit and at rest. Encryption makes it difficult for unauthorised users to access readable data, even if they manage a breach.
- Software development lifecycle: Having a software development lifecycle with checks between critical stages is essential to prevent faulty updates to be released.
- Employee training: Human error is a significant factor in many data breaches. Conduct regular training sessions to educate employees on recognising phishing attacks and safeguarding sensitive data. A well-informed team can act as the first line of defence.
- Supplier qualification: Assess your supplier to ensure they align with your business needs, and set up agreements that clearly outline each party’s responsibilities.
For a free white paper outlining five SaaS data security essentials, please click here.