In July 2025, Microsoft issued a warning about a SharePoint vulnerability that was actively exploited. The vulnerability affected more than 9,000 organizations using SharePoint Server worldwide. Attackers abused server-side privileges, manipulated machine keys, and bypassed authentication procedures to gain access to systems.
SharePoint is a core collaboration platform for companies, often used to share documents between teams and manage projects. If such a system is compromised, it can not only lead to the leakage of sensitive data, but also paralyze the entire business process.
This incident clearly highlights the time to rethink and optimize existing data protection strategies. Only a comprehensive, multi-layered cybersecurity approach can protect corporate data and ensure business continuity.
How a multi-layered defense strategy helps companies in a crisis
The recent Microsoft SharePoint incident illustrates that attacks are rarely direct: cybercriminals often exploit security flaws in a third party to gain access to privileges and then enter internal systems.
Companies that take cyber threats seriously cannot rely solely on firewalls or antivirus. Instead, they must adopt a multi-layered security approach that covers:
- endpoint device protection,
- network segmentation,
- encryption of data transmission and storage,
- authorization management,
- behavioral threat detection,
- and regular backups.
They must also set strict requirements for their suppliers, ensuring that they also comply with cybersecurity regulations, undergo regular security audits, and operate within clear regulations.
Key elements of a cybersecurity strategy
1. Strengthen endpoint protection
Use Endpoint Detection and Response (EDR) solutions and up-to-date antivirus to proactively block threats. Attacks often start with a single endpoint compromise, which can quickly spread to the entire system.
2. Secure your networks
Implement network segmentation and firewall protection to isolate critical systems. Use IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) systems to analyze traffic, identify anomalies, detect insider threats, and immediately block suspicious connections.
3. Protect your data
Reduce the risk of data loss by encrypting personal and business data. Combine this with Data Loss Prevention (DLP) tools to prevent sensitive information from being copied, exported, or uploaded without authorization.
4. Implement role-based access management
Enforce zero trust and least privilege, complement it with multi-factor authentication (MFA), and use SSO (Single Sign-On) and IAM (Identity & Access Management) systems to centrally manage identities and permissions.
5. Monitor and identify threats
Use a SIEM (Security Information and Event Management) system to collect and analyze events, block suspicious data access, and identify potential attacks early.
6. Update your systems regularly
Install software and hardware updates regularly to protect against emerging threats and eliminate existing vulnerabilities.
7. Create backups and recovery plans
Back up critical data regularly, with multiple versions and off-site copies, to avoid paying ransom and minimize damage in the event of a ransomware attack.
The key to cyber resilience: business continuity and recoverability
Backups are the last line of defense. If all other layers fail and your data is encrypted or deleted, backups are the only way to get your business back up and running.
To strengthen your cyber recovery strategy, you need to back up all operational data, strengthen data isolation, and regularly verify the recoverability of backups.
As companies use more and more platforms and devices, each workload and data source must be included in the backup strategy to ensure that no system is left unprotected.
Synology recommends using data isolation techniques such as immutable backups and offline backups for cyber resilience. Immutable backups ensure that data cannot be modified or deleted during the retention period, while offline backups are physically isolated from the network, reducing the risk of ransomware intrusion and human error.
Backup alone is not enough. Data verification is key: if you don’t regularly verify the integrity of your backups, recovery after an attack may not work. That’s why it’s essential to perform backup verification and recovery tests regularly, and to use solutions that provide built-in support for these processes. This way, you can quickly and efficiently restore your business after a ransomware attack.