When One Click Can Cost Billions: Lessons from a Modern Cyberattack

Cyberattacks are no longer just technical incidents—they are business events with immediate and measurable financial impact. A recent global attack made that reality clear when a single coordinated action wiped more than 200,000 devices across dozens of countries. There was no ransomware, no sophisticated malware, and no prolonged intrusion. Instead, attackers used legitimate administrative tools to execute the attack, halting operations, and disrupting a global enterprise almost overnight.

The business impact was immediate and severe:

• 200,000+ devices wiped across 79 countries
• Up to 56,000 employees idled as operations halted
• $6–$8 billion in market value erased following the attack
• Downtime costs reaching hundreds of thousands per hour, compounding losses into the tens of millions

In a recent conversation with my colleague Ben Fuller, we walked through this attack step-by-step: how it unfolded, why it worked, and what organizations could have done differently. What becomes clear is that the most damaging attacks today rely on abusing trusted systems in ways that appear completely legitimate.

The Most Dangerous Attacks Don’t Look Like Attacks

What makes modern attacks so effective is how normal they appear. Rather than deploying malicious code, attackers increasingly rely on stolen credentials, privilege escalation, and trusted enterprise tools to carry out destructive actions. These “living off the land” techniques bypass traditional defenses because there are no clear indicators of compromise—only legitimate users performing harmful actions at scale. In this environment, any security model that assumes trust inside the network becomes a fundamental weakness.

Why Zero Trust Changes the Equation

Zero Trust addresses this challenge by removing the assumption of trust entirely. Every user, device, and action must be continuously verified, regardless of where it originates. This approach enforces least-privilege access, validates context such as device health and location, and monitors behavior in real time to detect anomalies. In a scenario like this, a command impacting thousands of systems simultaneously would immediately stand out as abnormal. With Zero Trust in place, what could have become a global disruption can instead be stopped or contained within seconds.

The Critical Gap: What Happens to Your Data?

Even with strong identity and access controls, no organization can eliminate risk completely. The more important question is what happens when attackers succeed. Many security strategies focus heavily on prevention but overlook the resilience of the data itself. If critical data can be deleted, encrypted, or corrupted, the business remains vulnerable regardless of how the attack started.

Protecting the Data Layer with Built-In Resilience

This is where a modern unstructured data platform makes a meaningful difference. Nasuni embeds security directly into the data layer through immutable snapshots, real-time anomaly detection, and rapid recovery capabilities. Data cannot be permanently altered or deleted, even by compromised administrative accounts. Suspicious activity such as mass deletions is detected as it happens, and clean versions of data can be restored in minutes rather than days or weeks. This shifts the focus from simply trying to stop attacks to ensuring they cannot cause lasting damage.

From Global Outage to Contained Incident

The impact of this approach is significant. Without resilient data infrastructure, an attack like this can lead to widespread operational shutdown, extended downtime, and major financial loss. With Zero Trust principles and data-layer protection in place, the same attack can be detected early, contained automatically, and remediated quickly. What would have been an enterprise-wide crisis becomes a localized and manageable event.

Resilience Is Now a Business Imperative

Cyber resilience has become a defining factor in business performance. The ability to recover quickly affects revenue continuity, customer trust, regulatory standing, and long-term competitiveness. Organizations that can withstand and rapidly recover from attacks maintain momentum, while those that cannot face cascading operational and financial consequences.

The Bottom Line

Cybersecurity is no longer just about keeping attackers out, but ensuring the business can continue operating when they get in. Threats will continue to evolve, and trusted systems will continue to be targeted. The organizations that succeed will be those that can detect threats in real time, contain them automatically, and recover without disruption. In today’s environment, the question is no longer if an attack will happen, but how quickly a business can move forward when it does.