Story image

Risky business: Avoid putting all your eggs in one basket

23 Apr 2019
Sponsored

Email is a key communication tool for businesses today, yet despite its importance, many businesses that transition to the cloud blindly rely on a single cloud service provider for day-to-day security, leaving them exposed to undue risk.

This is in comparison to a few years back when businesses methodically backed up servers to avoid data loss from IT incidents caused by cyber attacks, human error, or service failures.  

As more businesses move their email to the cloud services, such as Microsoft Office 365, organisations are not only putting all their eggs in one basket, they are putting all their eggs in the same basket as everyone else.

Recent research shows, however, organisations globally have begun to introduce third-party solutions in addition to Office 365 to achieve cyber resilience.

The study found that nearly one-third of organisations plan to use third-party solutions in addition to what’s available natively in Office 365.

In fact, 37% of the typical Office 365 budget in 2019 will be spent on a cheaper plan in conjunction with third-party security, archiving and other solutions.

More users mean more cyberattack opportunities

Email remains the most common attack vector for opportunistic cybercriminals.

Bad actors know they only need to infect one cloud-based email service user for a potentially large payoff.

Mimecast’s State of Email Security report indicated that nearly a third of Australian organisations have seen business operations affected by ransomware.

The same research revealed 83% of organisations have been hit by an attack where malicious activity is due to infected email attachments or URLs.

If you consider the average downtime Australian organisations experience following a ransomware attack is three days, the financial damage can add up quickly.

This is even without considering the intangible costs associated with being offline, such as the impact on customer relationships and business reputation.

Data protection doesn’t always stack up

Data protection capabilities that are integrated into cloud services such as Office 365 have been designed to protect against data loss caused by its own infrastructure failing.

Therefore, it’s important to recognise these email services don't necessarily offer protection against accidental deletion, data corruption, or malicious users.

Cloud email services can and do fail                

Widespread and increasingly common outages experienced by major cloud email services have put a spotlight on the need for businesses to be prepared for any unplanned and planned outages.

Every business continuity strategy should at least have a secondary off-premise recovery data centre to ensure that if anything were to happen to a primary site, there will always be a backup to reduce the impact of an outage.

Having email continuity as part of the strategy is equally important.

This will ensure that in the event of an outage, users have uninterrupted access to live and historic email and attachments.

Having constant email availability limits any downtime or complex duplication and ensures that business operations can continue regardless of the situation.

Layer up to avoid risk

To mitigate the cyber risks associated with cloud services, an effective cyber resilience strategy includes layered security protection, independent data storage and alternative access routes to key systems like email, for when the worst does occur.

With the inherent risks of single vendor reliance, there has never been a more important time for organisations to seriously consider implementing a cyber resilience strategy to avoid putting all their eggs in one basket.

What the future of fibre looks like in NZ
The Commerce Commission has released its emerging views paper on the rules, requirements and processes which will underpin the new regulatory regime for New Zealand’s fibre networks.
Gen Z confidence in the economy is on the decline
Businesses need to work hard to improve their reputations.
Why NZ businesses have less than two years to adopt digital before disruption hits
Research found that digital disruption is already impacting two-thirds of New Zealand organisations.
Dell EMC launches interactive AI Experience Zones
The AI Experience Zones are designed to educate visitors about how to start, identify, and implement an AI project.
What NZ can learn from the Baltimore cyberattack
“Businesses must control physical access to their computers and secure their networks."
Infratil seeks clearance to acquire up to 50% stake in Vodafone NZ
The commission will give clearance to a proposed merger if they are satisfied that the merger is unlikely to have the effect of substantially lessening competition in a market.
Hands-on review: MiniTool Power Data Recovery Software
I came across a wee gem of advice when researching the world of data recovery. As soon as you get that sinking feeling and realise you’ve lost a file, stop using your computer.
Deepfakes the 'next wave of concern' - but can law really stomp it out?
Enforcing the existing law will be difficult enough, and it is not clear that any new law would be able to do better. Overseas attempts to draft law for deepfakes have been seriously criticised.