Story image

Risky business: Avoid putting all your eggs in one basket

23 Apr 2019

Email is a key communication tool for businesses today, yet despite its importance, many businesses that transition to the cloud blindly rely on a single cloud service provider for day-to-day security, leaving them exposed to undue risk.

This is in comparison to a few years back when businesses methodically backed up servers to avoid data loss from IT incidents caused by cyber attacks, human error, or service failures.  

As more businesses move their email to the cloud services, such as Microsoft Office 365, organisations are not only putting all their eggs in one basket, they are putting all their eggs in the same basket as everyone else.

Recent research shows, however, organisations globally have begun to introduce third-party solutions in addition to Office 365 to achieve cyber resilience.

The study found that nearly one-third of organisations plan to use third-party solutions in addition to what’s available natively in Office 365.

In fact, 37% of the typical Office 365 budget in 2019 will be spent on a cheaper plan in conjunction with third-party security, archiving and other solutions.

More users mean more cyberattack opportunities

Email remains the most common attack vector for opportunistic cybercriminals.

Bad actors know they only need to infect one cloud-based email service user for a potentially large payoff.

Mimecast’s State of Email Security report indicated that nearly a third of Australian organisations have seen business operations affected by ransomware.

The same research revealed 83% of organisations have been hit by an attack where malicious activity is due to infected email attachments or URLs.

If you consider the average downtime Australian organisations experience following a ransomware attack is three days, the financial damage can add up quickly.

This is even without considering the intangible costs associated with being offline, such as the impact on customer relationships and business reputation.

Data protection doesn’t always stack up

Data protection capabilities that are integrated into cloud services such as Office 365 have been designed to protect against data loss caused by its own infrastructure failing.

Therefore, it’s important to recognise these email services don't necessarily offer protection against accidental deletion, data corruption, or malicious users.

Cloud email services can and do fail                

Widespread and increasingly common outages experienced by major cloud email services have put a spotlight on the need for businesses to be prepared for any unplanned and planned outages.

Every business continuity strategy should at least have a secondary off-premise recovery data centre to ensure that if anything were to happen to a primary site, there will always be a backup to reduce the impact of an outage.

Having email continuity as part of the strategy is equally important.

This will ensure that in the event of an outage, users have uninterrupted access to live and historic email and attachments.

Having constant email availability limits any downtime or complex duplication and ensures that business operations can continue regardless of the situation.

Layer up to avoid risk

To mitigate the cyber risks associated with cloud services, an effective cyber resilience strategy includes layered security protection, independent data storage and alternative access routes to key systems like email, for when the worst does occur.

With the inherent risks of single vendor reliance, there has never been a more important time for organisations to seriously consider implementing a cyber resilience strategy to avoid putting all their eggs in one basket.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.