Fresh Wave of Major Cyberattacks Exposes Key Enterprise Security Weaknesses

On a weekly basis, businesses operating within security-critical industries are reminded that security is critical.

In just the past handful of days, three substantial cyberattacks on city governments, healthcare systems, and a sensitive data storage cloud infrastructure platform occurred independently.

On Monday (June 10), it was announced that a “significant volume of data” was stolen from at least 165 customers of multi-cloud data warehousing platform Snowflake, with the incident thought to be linked to earlier massive data breaches at Ticketmaster and Santander Bank. The City of Cleveland, meanwhile, suffered its own cyberattack on Sunday (June 9), forcing it to shut down its IT systems and citizen-facing services.

And across the Atlantic, in the U.K., the operations at a group of London hospitals were disrupted — and continue to be disrupted — after lab services provider Synnovis was targeted by a ransomware attack on Monday, June 3. The hospitals last week cancelled operations and tests, declaring the attack a critical incident, and the NHS (National Health Service) issued a call for O blood-type donors, because the IT attack means the affected hospitals cannot match patients’ blood at the same frequency as usual.

Because that’s the most damaging thing about cyberattacks: Their repercussions linger, and their impact is felt through the affected target’s supply chain.

That’s why it has never been more critical for firms, particularly those operating within security-critical sectors like financial services and payments, to ensure that their cybersecurity defenses are robust and well-tended to, and that their employees are up to speed on best practices for modern cyber hygiene.

Managing Cyberattack Fallout

The cybercriminals behind the Snowflake breach have publicly claimed to be selling stolen data from two more major firms, Advance Auto Parts and LendingTree, which were obtained from their enterprise Snowflake accounts.

American cybersecurity firm and Google subsidiary Mandiant is investigating the Snowflake attack and reported that the threat campaign has resulted in “numerous successful compromises” because of poor security practices on impacted accounts.

And the callout of poor security practices as a supply chain vulnerability serves as a good reminder and reason for organizations to take a look at their own cyber house and ensure it is in order. Cyberattackers and bad actors, after all, are looking to score and profit more so than they are to terrorize specific businesses, meaning it is often the easiest target that suffers a breach.

“The No. 1 thing that I would start with is good cyber hygiene,” Rosa Ramos-Kwok, managing director and business information security officer for commercial banking at J.P. Morgan, told PYMNTS, explaining that sometimes firms can fall behind on patching up legacy systems, which leaves aged software with “all sorts of vulnerabilities” in place because firms had “other priorities, or it was too expensive.”

Per the Mandiant report, “The impacted accounts were not configured with multifactor authentication (MFA) enabled, meaning successful authentication only required a valid username and password; credentials identified in infostealer malware output were still valid, in some cases years after they were stolen, and had not been rotated or updated; and the impacted Snowflake customer instances did not have network allow lists in place to only allow access from trusted locations.”
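As an added illustration (not part of the Mandiant report or the original article), the three gaps named above can be checked mechanically over an account inventory. The record fields, the 90-day rotation threshold and the sample accounts are constructed assumptions, not a Snowflake schema.

```python
import ipaddress
from datetime import date

# Constructed sample inventory; field names are hypothetical.
ACCOUNTS = [
    {"user": "etl_svc", "mfa": False, "password_set": date(2020, 11, 3),
     "allowed_cidrs": []},
    {"user": "analyst1", "mfa": True, "password_set": date(2024, 4, 20),
     "allowed_cidrs": ["203.0.113.0/24"]},
    {"user": "bi_admin", "mfa": True, "password_set": date(2022, 1, 15),
     "allowed_cidrs": ["0.0.0.0/0"]},
]

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy


def audit(account, today):
    """Return the gaps from the report that apply to one account."""
    findings = []
    # Gap 1: password alone is enough to authenticate.
    if not account["mfa"]:
        findings.append("no_mfa")
    # Gap 2: credential has outlived the rotation window, so a copy
    # captured by an infostealer long ago would still work.
    if (today - account["password_set"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("stale_credential")
    # Gap 3: no allow list, or one that admits every address (/0),
    # which restricts nothing.
    nets = [ipaddress.ip_network(c) for c in account["allowed_cidrs"]]
    if not nets or any(n.prefixlen == 0 for n in nets):
        findings.append("no_network_allow_list")
    return findings


def audit_all(accounts, today):
    """Map each non-compliant user to its list of findings."""
    report = {a["user"]: audit(a, today) for a in accounts}
    return {user: f for user, f in report.items() if f}


if __name__ == "__main__":
    for user, gaps in audit_all(ACCOUNTS, date(2024, 6, 10)).items():
        print(f"{user}: {', '.join(gaps)}")
```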

No Business Is Attacked in a Vacuum

As PYMNTS has written, many of the fundamental challenges for organizations looking to maintain data security result from the sheer volume of an organization’s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for compromised valid user credentials to be used by unauthorized users.

Within today’s business landscape, where partnerships are helping companies stand up modern infrastructure capabilities by streamlining the technical and engineering lift, it is important to stay on top of and secure each link in the vendor supply chain.

“Identity theft, phishing and data breaches have all become more prevalent,” Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS.

For example, Apple, which has built a sterling reputation on the back of end-user trust around its privacy controls and data security, has emphasized that under its new partnership with OpenAI, announced during Apple’s annual Worldwide Developers Conference on Monday, ensuring the security of personal data remains a paramount priority.