Story image

Risky business: Avoid putting all your eggs in one basket

23 Apr 2019
Sponsored

Email is a key communication tool for businesses today, yet despite its importance, many businesses that transition to the cloud blindly rely on a single cloud service provider for day-to-day security, leaving them exposed to undue risk.

This is in comparison to a few years back when businesses methodically backed up servers to avoid data loss from IT incidents caused by cyber attacks, human error, or service failures.  

As more businesses move their email to the cloud services, such as Microsoft Office 365, organisations are not only putting all their eggs in one basket, they are putting all their eggs in the same basket as everyone else.

Recent research shows, however, organisations globally have begun to introduce third-party solutions in addition to Office 365 to achieve cyber resilience.

The study found that nearly one-third of organisations plan to use third-party solutions in addition to what’s available natively in Office 365.

In fact, 37% of the typical Office 365 budget in 2019 will be spent on a cheaper plan in conjunction with third-party security, archiving and other solutions.

More users mean more cyberattack opportunities

Email remains the most common attack vector for opportunistic cybercriminals.

Bad actors know they only need to infect one cloud-based email service user for a potentially large payoff.

Mimecast’s State of Email Security report indicated that nearly a third of Australian organisations have seen business operations affected by ransomware.

The same research revealed 83% of organisations have been hit by an attack where malicious activity is due to infected email attachments or URLs.

If you consider the average downtime Australian organisations experience following a ransomware attack is three days, the financial damage can add up quickly.

This is even without considering the intangible costs associated with being offline, such as the impact on customer relationships and business reputation.

Data protection doesn’t always stack up

Data protection capabilities that are integrated into cloud services such as Office 365 have been designed to protect against data loss caused by its own infrastructure failing.

Therefore, it’s important to recognise these email services don't necessarily offer protection against accidental deletion, data corruption, or malicious users.

Cloud email services can and do fail                

Widespread and increasingly common outages experienced by major cloud email services have put a spotlight on the need for businesses to be prepared for any unplanned and planned outages.

Every business continuity strategy should at least have a secondary off-premise recovery data centre to ensure that if anything were to happen to a primary site, there will always be a backup to reduce the impact of an outage.

Having email continuity as part of the strategy is equally important.

This will ensure that in the event of an outage, users have uninterrupted access to live and historic email and attachments.

Having constant email availability limits any downtime or complex duplication and ensures that business operations can continue regardless of the situation.

Layer up to avoid risk

To mitigate the cyber risks associated with cloud services, an effective cyber resilience strategy includes layered security protection, independent data storage and alternative access routes to key systems like email, for when the worst does occur.

With the inherent risks of single vendor reliance, there has never been a more important time for organisations to seriously consider implementing a cyber resilience strategy to avoid putting all their eggs in one basket.

Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Deakin Uni scores double win with Exabeam partnership
Australia’s Deakin University is partnering with SIEM security company Exabeam in an effort to boost the university’s cybersecurity degree program and strengthen its SIEM capabilities.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."