"The recommended approach was to give customers the option of an allow list to restrict network access, he said."
This is by far the most important advice, there is never a need to allow the entire world to connect to your database. All it takes is one bug, weak password or wrong setting and someone has access to all of your data.