Every October, organizations observe Cybersecurity Awareness Month, reflecting on digital safety and strengthening their defenses. However, while general awareness campaigns are helpful, the most valuable lessons often come from real-world incidents.
In 2025, several high-profile cyberattacks disrupted critical services, exposed sensitive data, and revealed gaps in various organizations’ cybersecurity. Among them, these five stood out — not just for their impact, but for the lessons they offer any business working to shore up its security.
The PSEA ransomware attack
In March, the Rhysida ransomware group breached the Pennsylvania State Education Association (PSEA), a union that represents school employees. The hackers accessed the personal data of over 500,000 members and their dependents, including their Social Security numbers, medical records, and financial details.
As the attack demonstrated, ransomware isn’t just a corporate menace. Organizations of any size that hold vast amounts of personal data are increasingly becoming targets, especially those in the education, healthcare, and nonprofit sectors.
What can business owners do?
- Back up data: Keep off-site backups to ensure you can recover data without paying a ransom.
- Create a ransomware response plan: Prepare a plan to disconnect systems promptly, notify stakeholders, and assess the damage.
- Protect sensitive data: Implement encryption and strict access controls to make stolen data unusable, or at least difficult for attackers to access.
The Marks & Spencer social engineering attack
Over Easter weekend, British retailer Marks & Spencer suffered a cyberattack that disrupted critical systems during one of its busiest shopping periods. The attackers, linked to the Scattered Spider group, gained access via a contractor’s account through social engineering. The resulting disruption to eCommerce operations lasted nearly six weeks, with estimated losses of £300 million (around $400 million).
The attack proved that human factors, such as deception and poor judgment, can be as destructive as ransomware, yet there are fewer software solutions to address them.
What can business owners do?
- Train against social engineering: Teach employees how to recognize and respond to phishing, impersonation, and other manipulation tactics.
- Limit third-party access: Give vendors and contractors only the minimum permissions they need to minimize the reach and impact of a compromised account.
- Enforce identity checks: Enable multifactor authentication and confirm any unusual requests through secure channels such as phone calls or instant messaging.
The UNFI cyberattack
In June, a cyberattack hit United Natural Foods, Inc. (UNFI), a major grocery wholesaler and the primary distributor for Whole Foods. The attack crippled UNFI’s digital ordering systems and automated deliveries, forcing a shift to manual operations that couldn’t keep up with demand. This resulted in widespread shortages across North American stores.
While the exact method of attack remains unconfirmed, the incident exposed the fragility of modern supply chains. Moreover, it illustrates how operational resilience now depends as much on robust cybersecurity as on efficient logistics.
What can business owners do?
- Assess vendor security: Evaluate partners not just on performance, but on how well they protect their systems.
- Identify critical systems: Pinpoint the systems essential to daily operations, and establish manual or backup processes to take over during a disruption.
- Test contingency plans: Regularly test recovery solutions for effectiveness and run drills to verify your team can respond confidently.
The SonicWall device breaches
Between July and August, attackers linked to the Akira ransomware group targeted SonicWall virtual private network (VPN) appliances. Although it was initially suspected that the hackers were using a brand-new exploit, the investigation revealed they actually used an old vulnerability that had been public for almost a year. Many affected devices were in fact unpatched or misconfigured, leaving them vulnerable.
The entire situation highlights a critical risk: devices designed for protection, including firewalls and VPNs, can become liabilities if left unmaintained. Therefore, all security tools require constant oversight to prevent hackers from gaining direct network access.
What can business owners do?
- Install patches immediately: Apply updates as soon as they’re released to close known vulnerabilities.
- Monitor security devices: Watch for unusual activity such as VPN logins from unknown locations or sudden spikes in outbound firewall traffic.
- Audit configurations regularly: Remove default settings, unused accounts, and any excess access that attackers could use to breach your devices.
The Williams & Connolly zero-day attack
In October, the Washington, D.C.-based law firm Williams & Connolly experienced a breach caused by a zero-day vulnerability — an unknown flaw with no available fix at the time. Although no client data was confirmed stolen, attackers accessed internal email accounts, raising concerns across the legal industry.
Zero-day attacks like this expose a critical cybersecurity blind spot. Unknown until exploited, these vulnerabilities bypass standard defenses, leaving organizations unprotected. For businesses handling sensitive communications, this creates serious risks: compromised data privacy, increased legal liability, and a damaged long-term reputation.
What can business owners do?
- Isolate sensitive systems: Use network segmentation to limit how far attackers can move if they gain access.
- Use monitoring tools: Deploy threat detection systems like SIEM or EDR to track suspicious behavior, such as unusual logins or data transfers, that may signal an attack.
- Follow threat intelligence: Follow credible sources, such as the Cybersecurity and Infrastructure Security Agency, and apply preventive measures when threats are reported.
These incidents show that while cyberattacks aren’t always predictable, you can minimize their impact or even stop them before they begin. The key is combining in-depth preparation with reliable recovery.
Liberty Center One’s Data Protection Solutions keep your data safe through secure, high-performance storage, automated backups, and rapid replication. Together, these capabilities help prevent data loss and enable fast recovery when disruptions occur. Contact Liberty Center One today to get started. 
