WHY CYBER RESILIENCE IS ESSENTIAL FOR PUBLIC SECTOR DELIVERY
E mail downtime is frustrating for any organisation. In the business world, the frustration is commercial in nature as it results in a loss of productivity which often leads to a loss of customers and revenue.
However, when it comes to government departments and local authorities, downtime has a direct impact on the delivery of vital services to the community.
In today’s cyber threat landscape, malicious actors are constantly looking for new and improved ways to attack government organisations’ sensitive data such as child protection, public safety or healthcare institutions. These organisations all run on email and because citizens depend on them to constantly deliver services, they need to be secure, always online and able to recover data in the event of a crisis.
The public sector in South Africa is increasingly adopting the cloud, which is understandable as integrated productivity tools can be instrumental in improving how organisations operate and effectively deliver services. It is entirely plausible to believe that the majority of public sector services will be dependent on Office 365 very soon.
The benefits are obvious as different departments are able to not only share information and be more productive, but also save costs as creaking onpremises infrastructure can be decommissioned.
It’s important that there isn’t single vendor dependency for something as important as email. In fact, these departments should implement a cyber resilience strategy in the cloud to protect themselves from email-borne cyberattacks, business disruption and data loss. And yet, according to a Vanson Bourne and Mimecast study, only 23% of surveyed businesses and organisations in South Africa currently have a cyber resilience strategy in place.
Cyber-attacks and data breaches are becoming common place and it’s often prominent organisations with thousands or even millions of personal records that fall victim. It is therefore essential that any organisation that keeps the personal information of individuals should have the most advanced security in place. And when you consider the fact that several government departments are sharing the same service and hosting the data all in one place, the need for security becomes even more vital. An additional layer of security on any cloud service will provide
protection against email-borne impersonation attempts, malicious URLs, unknown malware attachments and advanced attacks like ransomware.
However, it goes beyond keeping your networks secure. In the event of a cyber-attack, organisations that deliver crucial public services can’t afford to be offline. They should be able to guarantee the safety and availability of critical data without an independent copy. And they should be able to continue operating effectively and deliver services that rely on the availability of email.
Breaches often lead to downtime, leaving employees unable to access every day tools like Microsoft Outlook or G-Suite by Google Cloud. This halts the delivery of vital services, which can have disastrous consequences.
It’s not only cyber-attacks that affect continuity. If Microsoft suffers an Office 365 outage, organisations that depend on the single cloud service don’t have much option but to wait until services are reinstalled.
Of course this is not limited to Microsoft. All IT systems and cloud services can fail, but when that happens in the public sector, it grabs headlines and affects lives.
For years IT teams have built disaster recovery plans on the belief that if IT fails, you’ll need a plan B. Nothing changes in a cloud-first world.
Cloud services clearly fail and if you don’t have an independent continuity service, your email will be down until Office 365 gets it back up again. Unfortunately, this could take hours or even days and could affect an entire region, which could
result in several government departments being affected at once.
The risks don’t stop with service continuity and security either. Hosting all your email and data with a single vendor raises important questions about data assurance. Do you have an independently verifiable additional copy of your data for when you need it?
Organisations need to consider the possibility of data loss or corruption after a cyber-attack or technical failure. The Vanson Bourne research showed that over half (53%) of respondents were completely confident that they would be able to restore all important files in the event of an emailborne ransomware attack.
A multipurpose archiving solution can help mitigate that risk by creating a digital corporate memory and allowing you to restore email on-demand. Government departments can be rest assured that their data is always available, always replicated and always safe in the cloud.
Many of us now live in a cloud-only world. So the question to ask ourselves is: what will happen when Office 365 goes offline, is hacked, corrupted or loses my data? Do we have a plan B? Do we have an effective cyber resilience strategy in place that will help us continue with business as usual when disaster strikes?
Moving email and its data to Office 365 exposes public sector organisations to significant single vendor continuity, security and data integrity risks that Microsoft alone cannot mitigate. Additional third-party cloud services are the only way to mitigate these risks.