In July 2025, Microsoft issued a notice warning of a SharePoint vulnerability that had been discovered and was being actively exploited. More than 9,000 organizations worldwide that use SharePoint Server have been affected by this security gap. The attackers took advantage of server-side privileges to manipulate the machine keys and bypass authentication methods in order to carry out the attacks.
SharePoint is a central system for many companies and is usually used for document collaboration between teams. If it is compromised, not only will the company's sensitive data be leaked, but the entire business process could be paralyzed.
This incident shows the need to reassess and optimize existing data protection strategies. Only a comprehensive and multilevel cybersecurity strategy can protect corporate data and guarantee the continuity of the business.
How a multilevel defense strategy can help companies face a crisis
Taking the recent cybersecurity incident in Microsoft SharePoint as an example, the attackers did not attack directly; they exploited a vulnerability in an external supplier to steal credentials and subsequently infiltrate the SharePoint system. Companies that really want to withstand cyber attacks can no longer rely solely on firewalls or antivirus tools.
Instead, organizations must adopt a multilevel security approach to protect their data and systems. This includes endpoint security, network segmentation, data encryption, access controls, behavioral detection and backup methods. Companies must also impose strict requirements on the suppliers they work with, ensuring that they meet cybersecurity standards, undergo periodic evaluations and audits, and follow clear security compliance rules.
Let’s look at some key measures and their importance within a comprehensive cybersecurity strategy:
- Strengthen endpoint security: deploy endpoint detection and response (EDR) solutions as well as antivirus software to block threats proactively. Hackers usually start by trying to breach a single endpoint. Once they succeed, they can compromise the entire system.
- Secure your networks: implement network segmentation and firewalls to isolate critical systems. With intrusion detection and prevention systems (IDS/IPS) you can analyze traffic, detect anomalies, identify internal threats and immediately intercept suspicious connections.
- Protect your data: reduce the risk of leaks by encrypting personal and proprietary data. Combine encryption with data loss prevention (DLP) to prevent sensitive information from being copied, exported or uploaded.
- Implement role-based access controls: apply Zero Trust principles and least-privilege access, together with multifactor authentication (MFA), to prevent identity theft. Integrate Single Sign-On (SSO) and Identity and Access Management (IAM) to centralize identities and permissions.
- Monitor and identify threats: take advantage of the advanced analytical capabilities of Security Information and Event Management (SIEM) to collect and analyze security events, block anomalous access and proactively detect emerging threats that can indicate an imminent attack.
- Update and patch systems regularly: keep software and hardware updated with patches to defend against evolving cyber threats. Fix existing vulnerabilities and optimize long-term system security.
- Make backups and recovery plans: back up critical data on a regular basis and protect multiple versions and off-site copies. With reliable backups, companies can avoid paying a ransom and minimize damage in case of a ransomware attack.
The Key to Cyber Resilience: Business Continuity and Data Recovery Capacity
Backups are often considered the last line of defense. When everything else fails and the data is encrypted or even deleted, backups are the only way for a company to recover its operations. To strengthen its cyber resilience strategy, a company must back up all operational data, strengthen data isolation methods and periodically verify that its backups can be recovered.
Since companies operate with a wide variety of platforms and tools, any workload left unprotected can become a vulnerability ready to be exploited by ransomware. When the platforms and the data stored on them are interconnected, companies must ensure that no backup is left behind, including all sources and devices within their backup strategy.
Implementing a cyber resilience system is necessary, since companies cannot rely on a single defense mechanism. Synology recommends that companies take advantage of data isolation techniques such as immutability and offline copies. Immutable copies guarantee that the data cannot be modified or deleted during the retention period, reducing the risk of backup servers being targeted by attackers. Offline copies are physically isolated and cannot be accessed from external networks, thus reducing the risk of ransomware infiltration and human error.
It is not enough to back up data. The key is to verify that the backups are usable. Without checking the integrity of the copies, companies risk not being able to restore them when they need them, even if they exist. Organizations should implement backup verification and disaster recovery drills as standard operations, and use solutions that support these functions to recover operations immediately in case of a ransomware attack.
Signed by: Marcos de Santiago, Business Unit Director South Europe Synology