Every record-breaking breach arrives wrapped in a sophisticated-sounding story. Strip the story away and the cause is almost always mundane: a misconfigured store, a credential that should have been rotated, an alert nobody was watching. This one was no different.
1. The basics fail more often than the exotic
It is tempting to imagine breaches as the work of elite adversaries. In practice, the biggest exposures tend to come from a database left open to the internet or a backup with no access control. Patching, configuration hygiene, and least privilege prevent more incidents than any single premium tool.
2. Data you keep is data you can lose
The scale of a breach is a function of how much you hoard. Every field you collect and never delete is a liability sitting on your balance sheet. Minimising what you store, and setting real retention limits, shrinks the blast radius before anything goes wrong.
What we tell every client after a breach makes the news
- Inventory your data, you cannot protect what you have forgotten you hold.
- Encrypt at rest and in transit, and manage keys separately.
- Rotate and monitor credentials; kill long-lived static keys.
- Practice your response before you need it, not during.
3. Detection time is the real score
Attackers often sit inside a network for months. The organisations that limit damage are not the ones with impenetrable walls, those do not exist, but the ones that notice intrusions in hours rather than quarters. Invest in logging, alerting, and someone whose job is to look.
“You will not prevent every intrusion. You can absolutely control how long an intruder goes unnoticed, and that number decides how bad the day gets.”
4. Transparency is a security control
How an organisation communicates after a breach shapes the damage as much as the breach itself. Clear, prompt, honest disclosure preserves trust; delay and spin destroy it. Treat your communications plan as part of your security posture, not an afterthought for the legal team.