What Can Businesses Learn from Recent High-Profile Cyberattacks

From ransomware to supply chain breaches, recent cyberattacks reveal distinct patterns. What can every business learn from them, and how can those lessons be turned into a practical security strategy?

In the past 18-24 months, attacks by cybercriminals have hit almost every industry you can name: retail, healthcare, manufacturing, insurance and critical infrastructure. In many of these cases the businesses were not targeted because they were “the biggest” or “the most high-tech”. They were targeted because attackers found gaps and exploited them.

This article walks through the lessons businesses can take from recent, widely reported cyberattacks and how to turn them into actionable steps, whether you are a small business or a large enterprise.

A quick review of recent attacks

To make this concrete, here are a few incidents from 2024-2025:

  • DaVita (healthcare): A ransomware attack on dialysis provider DaVita affected about 2.7 million individuals, exposed sensitive lab data and cost at least $13.5 million in incident-related expenses, even though patient care continued. (Reuters)

  • Muji & Askul (retail + supply chain): Japanese retailer Muji had to suspend much of its online operations after a ransomware attack hit its logistics provider Askul, disrupting browsing, ordering and delivery and potentially exposing customers’ personal information. (TechRadar)

  • Aflac (insurance): Aflac, one of the largest US insurers, was hit by an intrusion in which attackers accessed customers’ personal information (including Social Security numbers and health information) through a sophisticated social engineering campaign tied to the “Scattered Spider” group. (New York Post)

  • Victoria’s Secret (retail): A security breach forced Victoria’s Secret to take down its corporate systems and its US website, and even to delay its earnings report while it restored systems and assessed the damage. (AP News)

  • Norwegian dam (critical infrastructure): Norwegian authorities say Russia-linked hackers took control of the valves at a dam in Norway and released water, in an incident they attribute to a weak password on a critical system. It is a stark reminder of OT/ICS risk. (The Times)

On top of these, there is the long list of 2024’s major breaches, ranging from large healthcare companies to cloud service providers such as Snowflake and government agencies compromised through Ivanti vulnerabilities. (CM Alliance)

One pattern stands out: no industry is safe, and basic weaknesses remain the primary entry points.

 

So what can your business actually do with these stories?

Lesson 1: Assume it could be you

One theme runs through almost every post-mortem: the company did not expect to be the next headline.

CrowdStrike’s 2025 Global Threat Report describes a sharp rise in social engineering, cloud intrusions and “malware-free” attacks that abuse legitimate tools instead of dropping obviously malicious files. (CrowdStrike)

In practice, that means you cannot rely on the traditional perimeter or on antivirus alone for protection.

 

What should you take away:

  • “We’re too small” is a myth. Attackers automate scanning and hit thousands of targets in one sweep. Size does not shield you.

  • Assume compromise is possible. Build your program around detecting intrusions and limiting harm, not around the assumption that you are immune.

  • Plan for outages and data theft together. Modern attacks aim both to disrupt operations and to steal data.

Lesson 2: Your weakest link might be a supplier

Muji’s problem did not start on its own network. It started with a ransomware attack on its supplier Askul, and the outage at that supplier took browsing, shopping and order records offline for Muji’s Japanese customers. (TechRadar)

 

Likewise, many of 2024’s most significant incidents involved cloud or third-party providers such as Snowflake, and software vendors whose products were exploited through zero-day vulnerabilities; the impact then spread to a multitude of their customers. (CM Alliance)

 

What should you take away:

  • You inherit your vendors’ security posture. If your logistics, payment, HR or CRM provider is compromised, you are inside the blast radius.

  • Contracts should include security requirements: minimum security controls, audit rights, incident-notification timeframes and data-handling rules.

  • Maintain an up-to-date “map” of who holds your data. Many organizations cannot answer within an hour the question “Which vendors hold customer PII right now?”

Lesson 3: Ransomware now means data theft plus disruption

Recent cases in telecom and healthcare show that ransomware is no longer just “encrypt and demand payment”. Attackers now exfiltrate data first and then encrypt, giving themselves two pressure points: downtime and the threat of a leak. (American Hospital Association)

 

DaVita’s case, for instance, combined operational disruption with unauthorised access to a laboratory database, a typical “double-extortion” pattern with financial, reputational and legal consequences. (Reuters)

 

What should you take away:

  • Backups are essential, but not enough. You can restore systems, yet the stolen data can still be used for extortion, fraud or resale.

  • You need strong data governance alongside encryption. Limit where sensitive data is stored, encrypt it properly, and reduce the number of copies and exports.

  • Rehearse your own “oh no, our data leaked” scenario. Your incident playbook should cover legal notifications, regulator engagement and media handling, not only technical recovery.

Lesson 4: Your biggest exposure is your human attack surface

The Aflac breach was not the result of advanced malware; it began with social engineering. The attackers posed as tech support and tricked employees into giving them access, as in other incidents linked to the “Scattered Spider” group. (New York Post)

 

According to 2024-2025 reporting, social engineering and identity-based threats are overtaking traditional malware. (Rapid7)

 

What should you take away:

  • Security awareness is not a slideshow presented once a year. It has to be continuous, scenario-based and specific to each role.

  • Secure identity and access. Enforce multi-factor authentication (MFA), restrict privileges, and require strict approval processes for sensitive tasks (such as password resets, VPN access and new devices).

  • Make “stop and verify” normal. Teach staff that it is acceptable to end a call and phone back on an official number, or to escalate suspicious requests to IT or security.

Lesson 5: Critical infrastructure thinking applies to everyone

The Norwegian dam incident is alarming partly because it came down to something as simple as a weak password on an important system. (The Times)

 

You may not run a dam or a power grid, but many businesses now operate operational technology (OT), IoT devices and building management systems connected to corporate networks, from smart HVAC to production lines.

What should you take away:

  • Segment what is critical. Keep OT, IoT, payment systems and critical business applications on well-segmented networks, not on a flat network with everything else.

  • Apply “safety engineering” thinking. Ask “If an attacker remotely controlled this device, what is the worst-case impact?” and design controls backwards from the answer.

  • Examine physical consequences. Include “what if a cyber event causes a safety or physical incident” scenarios in your tabletop exercises.

Lesson 6: Fast and honest incident response safeguards your brand

One area in which many companies did well was rapid public acknowledgement: in several 2025 incidents, companies proactively shut down systems, brought in forensic experts and warned customers early about disruptions. (Reuters)

 

Customers and regulators increasingly judge you less on the fact that an incident occurred and more on how you handled it.

What should you take away:

  • You need an incident response plan that has been tested, not just written. CISA’s advisories repeatedly stress the same lessons: defined roles, current contact lists, and rehearsed coordination between IT, legal and communications. (CISA)

  • Transparency beats silence. Clear, timely updates, even when you do not yet have all the answers, build more trust than months of “no comment”.

  • Learn systematically from every event. Mature organizations run “lessons learned” reviews and feed the results into changes to controls, training and budgets. (FTI Consulting)

Turning lessons into a plan of action

It is easy to read about major attacks and think, “We’ll just buy another security tool.” But the most effective fixes are usually basics-based and process-driven, not gadget-driven.

Here’s a simple plan every business can start with:

1. Know the basics and get them right
  • Asset inventory: know your critical systems, data stores and third-party integrations.

  • Hygiene first: secure configuration management, patch management, endpoint security and MFA everywhere it is feasible.

  • Data mapping: find out where sensitive data lives (customer financial information, PII, health information, IP) and who has access to it.

2. Strengthen identity and access
  • Enforce MFA on all accounts, including remote access, admin and email accounts.

  • Apply least privilege: people get the access they need to do their job and nothing more.

  • Review access when people change roles or leave the organization; do not leave old accounts unchecked.
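As an added example (not code from the original article), here is a small Python access review that applies the three checks above to a constructed identity export, the kind of join between an identity provider and HR that a quarterly review would start from. It flags active accounts without MFA, privileges beyond the role’s least-privilege baseline (with a separate finding when such privileges survived a role change), accounts of people who have left, and dormant accounts. The export fields, role names, privilege names and the per-role baseline are all assumptions made for this example.

```python
"""Quarterly access review: an added example, not code from the original
article. It runs the identity-and-access checks above over a constructed
identity export (an IdP/HR join). Field names, roles, privilege names and
the per-role baseline are assumptions made for this example.
"""
from datetime import date, timedelta

# Date the review is run against (constructed for the example).
AS_OF = date(2025, 9, 30)

# Constructed sample export. "status" comes from HR, the rest from the IdP.
ACCOUNTS = [
    {"user": "alice", "status": "active", "mfa": True, "role": "finance",
     "privileges": {"erp_read", "erp_approve"},
     "last_login": date(2025, 9, 28), "role_changed": None},
    {"user": "bob", "status": "active", "mfa": False, "role": "helpdesk",
     "privileges": {"ad_reset_password", "vpn"},
     "last_login": date(2025, 9, 30), "role_changed": None},
    # carol moved from IT to marketing in June; domain admin was never removed.
    {"user": "carol", "status": "active", "mfa": True, "role": "marketing",
     "privileges": {"crm_read", "ad_domain_admin"},
     "last_login": date(2025, 9, 1), "role_changed": date(2025, 6, 1)},
    # dave left in May but his account was never deprovisioned.
    {"user": "dave", "status": "left", "mfa": True, "role": "sales",
     "privileges": {"crm_read", "vpn"},
     "last_login": date(2025, 5, 3), "role_changed": None},
    {"user": "svc-backup", "status": "active", "mfa": False, "role": "service",
     "privileges": {"backup_write"},
     "last_login": date(2025, 3, 10), "role_changed": None},
]

# Least-privilege baseline: the privileges each role is allowed to hold.
ROLE_BASELINE = {
    "finance": {"erp_read", "erp_approve"},
    "helpdesk": {"ad_reset_password", "vpn"},
    "marketing": {"crm_read"},
    "sales": {"crm_read", "vpn"},
    "service": {"backup_write"},
}

# Privileges an attacker would use to reset passwords, take over the
# directory or destroy backups; excess grants of these are flagged louder.
HIGH_RISK = {"ad_domain_admin", "ad_reset_password", "backup_write"}


def review_access(accounts, as_of=AS_OF, dormant_days=90):
    """Return sorted (user, finding) pairs for everything the review should fix."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if acct["status"] != "active":
            # A leaver with any account left is a finding on its own;
            # the remaining checks are moot once the account is removed.
            findings.append((user, "left-but-still-provisioned"))
            continue
        if not acct["mfa"]:
            findings.append((user, "mfa-missing"))
        # Least privilege: anything beyond the role's baseline is excess.
        excess = acct["privileges"] - ROLE_BASELINE.get(acct["role"], set())
        for priv in sorted(excess):
            kind = ("excess-high-risk-privilege" if priv in HIGH_RISK
                    else "excess-privilege")
            findings.append((user, f"{kind}:{priv}"))
        # Excess that survived a role change means the mover was never reviewed.
        if acct["role_changed"] and excess:
            findings.append((user, "privileges-not-reviewed-after-role-change"))
        if as_of - acct["last_login"] > timedelta(days=dormant_days):
            findings.append((user, "dormant"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in review_access(ACCOUNTS):
        print(f"{user:12} {finding}")
```

Run as-is, the review reports bob and the backup service account without MFA, carol still holding domain admin from her old role, dave still provisioned after leaving, and the service account dormant for over 90 days. In a real review the export would be pulled from your identity provider and HR system rather than typed in, and the baseline dictionary is the part worth keeping under change control, because it is the written definition of “least privilege” for each role.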

3. Reduce supply chain and third-party risk
  • Build a vendor risk questionnaire and security checklist into procurement.

  • Tier vendors by risk (e.g. those with access to customer data versus basic utilities).

  • Require key suppliers to notify you promptly of security incidents and to meet baseline controls (MFA, encryption, backups).

4. Prepare for ransomware and data theft scenarios
  • Maintain tested, verified offline backups of your most critical systems and data.

  • Encrypt sensitive data both in transit and at rest, and reduce unnecessary copies.

  • Write playbooks in advance for:

    • “Systems encrypted, but no data exfiltration confirmed.”

    • “Data exfiltration confirmed and likely to be leaked.”

Each should define who leads, who talks to regulators and customers, and how decisions (such as whether to pay a ransom) are evaluated with legal and law-enforcement input.

5. Train employees to act as part of the security team
  • Run regular phishing simulations and micro-trainings with short follow-ups.

  • Tailor training: IT, finance, HR and executives face different risks and need different scenarios.

  • Promote a no-blame reporting culture. Users must feel comfortable saying “I clicked something weird” so the issue can be contained quickly.

6. Build and test your incident-response muscle
  • Run tabletop exercises at least twice a year, with leadership present.

  • Include third-party events (“our SaaS provider was breached”) and physical impacts (“attack on the building management system”) in your scenarios.

  • After each exercise or real incident, capture:

    • What went well?

    • What went wrong?

    • Which policies or tools need to change?

7. Align security with the board and the business
  • Cyber risk is now a business risk: downtime, lost revenue, regulatory fines, brand damage.

  • Use data points that resonate with leadership, such as average breach costs (often several million dollars per incident) and the rising frequency of breaches. (Breachsense)

  • Tie investments to specific risks: “This project reduces the likelihood or impact of scenario X.”

Final thoughts: Treat every headline as a free exercise

When you hear about an attack in the news, resist the urge to skim past it and move on. Instead, ask three questions:

  1. Could this happen to us? (If yes, how?)

  2. What would the business impact be? (Financial, operational, regulatory, reputational, etc.)

  3. What would we wish we had put in place beforehand?

Use the answers to make one or two improvements each quarter. Over time, those small steps (stronger identity controls, tighter vendor controls, faster incident response) add up to a more resilient company.

You cannot predict whether you will ever be targeted, but you can control how prepared you are, how fast you respond to an attack, and how much damage an attacker can actually do.
