In the past year, we’ve seen that a single malware outbreak is all it takes to cost multiple companies hundreds of millions of dollars. What’s worse is that all of these companies could have avoided these expenses with basic maintenance and simple cloud-based security services.

By helping end-users shift their processes and data to secure cloud environments, using secure cloud access services, service providers can help those customers avoid the potential financial loss and reputational damage that comes from a data breach.

The scope and rapid spread of this year’s WannaCry ransomware attack took the world by surprise – as did its successor, NotPetya, which actively spread across company networks and brought industry giants to their knees. But the real surprise was the longevity of the impact as those companies experienced prolonged interruptons – producing significant lost profits, continued business interruption, and plunges in their share prices.

Cadbury parent company Mondelez International, for one, reported incremental recovery costs of $US7.1m ($A8.92m) and a 2.3 per cent drop in net revenues due to the NotPetya infection. Pharmaceutical company Merck reported interruptions to production and NotPetya-related costs approaching $US300m ($A376.83m), while it has been estimated that the recent theft of 143m consumers’ credit histories from Equifax will cost more than $US300m ($A377m) before it is remediated.

And those are just the direct costs: Equifax’s share price plummeted after the breach was announced, dropping from $US142.72 ($A179.27) to as low as $US92.98 ($A116.79) a week later; this translated into a $US10b ($A12.56b) hit to the company’s market capitalisation.
 

The consequences can be dire

A recent Ponemon Institute-Centrify analysis found that 40 per cent of Australian respondents’ companies suffered a data breach in the previous year, with share prices dropping an average of 5 per cent immediately after disclosure. Businesses with good security postures recovered the loss within an average of seven days, but those with poor security postures saw share price drops lasting for more than 90 days on average.

Then there’s the reputational damage: 70 per cent of surveyed consumers said they lost trust in a company after a data breach, while a third of surveyed consumers completely discontinued their relationship with the organisation. Companies losing more than 5 per cent of their customers reported an average loss from the breach of $US3.94m ($A4.95m).
 

Cloud-based data security is rapidly being recognised as a more desirable alternative for businesses with large, vulnerability-prone infrastructure that cybercriminals are just waiting to compromise.

Losses will, of course, vary depending on the company targeted and the nature of the breach, but past experience has shown that the true cost of not protecting your data will be significant no matter what your line of business.

The key, says DXC.Technology Director of Regional Security, Paul Gibbs, is to be ready with a mitigation strategy – and to consider cloud-based architectures that reduce exposure to the kind of carelessness that enabled WannaCry and other attacks.

“The cost of not protecting your data is equivalent to the risk that you’re prepared to take on,” he explains. “Not everything is patched as much as companies would want, and WannaCry and NotPetya exposed that. The organisation freezes until it gets a handle on the breach – and that can take weeks, not days.”

Those sorts of outcomes are enough to keep even the most jaded board members up at night – even more so because the breaches were one-off incidents that can be attributed to suboptimal IT patching practices and imperfect human employees.
 

Keeping your business secure

By removing critical infrastructure from the reach of internal technological or human mistakes, cloud-based computing platforms – and the cloud-based security tools that support them – are becoming front-line defence mechanisms in the fight to protect enterprise data.

Gartner predicts that security services, most of them cloud-based, will be the fastest-growing segment of the world’s $US86.4b ($A108.53b) security spend this year. “This is why so many companies are looking to the cloud,” says Gibbs. “It’s better than half the things they’ve had in their data centres, and they’ve had their protection set up beforehand.”

Growth in demand for business-protecting security services presents a significant opportunity for data specialists building on secure Cloud Access connections. A growing number of cloud-based compliance tools, for example, help enforce security and auditing requirements for standards such as the financial services industry’s PCI DSS.

Encryption platforms ensure the security of data stored in the cloud, which can be protected and rendered unreadable even if it is stolen. Incredibly, most companies still fail to take this basic protection. Security firm SkyHigh recently audited popular cloud services and found only 9.4 per cent encrypt data at rest, although this may increase as cloud providers boost their encryption service and adopt encryption-everywhere platforms like IBM’s new IBM Z mainframe.

The skills of most value to data providers who wish to become security experts are cloud-hosted identity and access management (IAM) and cloud application service broker (CASB) tools. These services allow end-users to centralise administration of access to sensitive data, restricting and preventing access to sensitive data from all manner of devices and users – and, like all cloud-security tools, offer the added bonus of being continually upgraded and patched.