A S$17,500 fine for a breach of nearly 700,000 records on systems with no firewalls, no MFA, no patching, and no network segmentation is a data point other small data aggregators will use when calculating remediation investment against enforcement risk. The organization was breached twice within six weeks through the same publicly accessible servers, and the exfiltrated data appeared on a hacking forum between the two incidents. That neither the first breach nor the dark web appearance triggered detection before the second breach is a Security Operations failure as much as a configuration one.
A S$17,500 fine for a breach of nearly 700,000 records on systems with no firewalls, no MFA, no patching, and no network segmentation is a data point other small data aggregators will use when calculating remediation investment against enforcement risk. The organization was breached twice within six weeks through the same publicly accessible servers, and the exfiltrated data appeared on a hacking forum between the two incidents. That neither the first breach nor the dark web appearance triggered detection before the second breach is a Security Operations failure as much as a configuration one.