Increased use of cloud e-mail services highlights need for improved cyber resilience
By Mikey Molfessis, cyber security expert at Mimecast SA.
The launch of Microsoft's first cloud data centres in Africa, with one in Cape Town and another in Johannesburg, is cause for celebration among SA's business sector, says Mikey Molfessis, cyber security expert at Mimecast SA.
As we hurtle into the fourth industrial revolution, access to cloud infrastructure will be critical to power artificial intelligence and edge computing innovation. And, while only Azure is supported at present, Microsoft plans to soon launch Office 365 from these data centres, offering organisations increased productivity. Amazon and Huawei also have plans to establish local data centres over the next few years.
However, the tendency of organisations to rely exclusively on single cloud service providers for day-to-day operations has exposed them to undue risk. With services such as Office 365, organisations are not only putting all their eggs in one basket, they are also putting all their eggs in the same basket in which everyone else is putting all their eggs.
The volume of users on cloud-based email services such as Office 365 means there is more malware created for these environments. Criminals know they have only one lock to pick to gain access, so they focus their attention on these cloud services because of the potentially large payoff.
As more businesses move e-mail and data to Office 365, there's an increased need to protect against malicious or accidental loss of data. Mimecast's latest E-mail Security Risk Assessment (ESRA) report, an aggregated analysis of tests that measure the efficacy of widely used e-mail security systems globally, including Office 365, illustrated the scope of the problem. Of the more than 232 million e-mails inspected, organisations' existing e-mail security systems missed more than 26 000 malware attachments, 53 000 impersonation attacks and 23 000 dangerous file types.
What you really get from Office 365
Microsoft offers certain protection-of-data capabilities as part of its Office 365 services, which are designed to protect against data loss caused by its own infrastructure failing. But these services don't always offer protection against accidental deletion, data corruption, advanced cyber attacks, or malicious users or administrators. These can often lead to downtime, which can bring business operations to a standstill. Continuity is essential to any modern organisation's efforts to maintain productivity, but is not always achievable when all business-critical applications run on a single cloud provider's infrastructure.
It's not only breaches, human error or technical error that can cause downtime for an organisation. Well-reported and widespread Office 365 outages, the most recent of which took place in Europe in mid-January, highlight what can happen when e-mail data becomes unavailable.
As more organisations move to Office 365, we're likely to see SA featuring on Downdetector's outage map. Outages pose serious productivity risks to users who rely on Software-as-a-Service monocultures to support their operations. Even more concerning is the possibility that employees will turn to their unsecure personal Gmail or Yahoo Mail accounts when Office 365 goes offline. You then have absolutely no control over e-mail activity.
Important data stored on Office 365 can also be lost because of accidental or malicious deletion or ransomware. If your organisation doesn't have an independent backup in place, and deleted data passes through short-term folders such as the Recycle Bin, Deleted Items folders or retention policies without being recovered, it is lost forever.
How can you improve cloud e-mail resilience?
To mitigate the risks associated with cloud services, organisations should look to improve their cyber resilience. An effective cyber-resilience strategy should include layered security protection, independent data storage and alternative access routes to key systems like e-mail, for when the worst does occur. The cyber-resilience strategy should further include a backup and recovery plan. This was always a priority for organisations when their systems were on-premises. The fact that data is now in the cloud does not change this.
South African organisations are arguably a step ahead of their international counterparts in their cyber-resilience efforts. The latest research by Mimecast and Vanson Bourne found that 49% of South African organisations have a cyber-resilience strategy in place, against a global average of 46.2%. But this still means that half of organisations are yet to have a comprehensive strategy in place.
Recent work by tech research company Osterman Research: "Why Your Company Needs Third-Party Solutions for Office 365", indicates that organisations globally are starting to supplement the service with third-party products to achieve cyber resilience. The study found that nearly one-third of organisations implementing Office 365 plan to use third-party solutions that will provide improved security, archiving or other capabilities, rather than relying on what is available natively in Office 365. In fact, 37% of the typical Office 365 budget in 2019 will be spent on a cheaper plan in conjunction with third-party security, archiving and other solutions.
Increased adoption of cloud services is a welcome development in the South African business sector and will support organisations as they strive for greater agility and scalability. But putting all your eggs in one basket, the same basket as everyone else, leaves you exposed to a broad range of risks that can have a debilitating effect on your operations. Using a third-party provider and having an effective cyber-resilience strategy provides a safety net and enables organisations to quickly return to standard operations without losing critical data or productivity.
Mimecast is participating in the ITWeb Security Summit, southern Africa's definitive conference and expo for information security, IT and business professionals. The 14th annual ITWeb Security Summit, to be staged at the Southern Sun Cape Sun on 23 May and the Sandton Convention Centre, Johannesburg, from 28 to 29 May, will be a high-profile conference and business exhibition featuring top international, African and local speakers delivering key insights across three focused tracks, interactive workshops and in-depth training courses.
The event will demystify emerging cyber security strategies in AI, blockchain, IOT, DevSecOps and more, and give delegates an understanding of how to increase their businesses' cyber resilience.
For more information, go to www.securitysummit.co.za.