Ransomware and Cybersecurity Now as Much of a Reason to Migrate to Cloud as Cost and Innovation

With the cost of a single ransomware incident as much as £550,000 ($713,000) on average, Cloud is no longer just a cost effective option or a catalyst for digital transformation and innovation. It is now the preferred option for security as well.

Not long ago ransomware was a little-known phenomenon. Then a few months ago, the NotPetya and WannaCry ransomware variants took the world by storm and media coverage was dominated by successful intrusions against multinationals such as FedEx, WPP, Mondelez and Reckitt Benckiser (to name just a few). One of the organisation most heavily impacted by WannaCry in particular was the UK’s NHS.

Ransomware (where an attacker encrypts a computer or network until a ransom is paid) is, not however, the only threat. High-profile cybercrime such as data theft and computer hacks are occurring more frequently and with higher costs, but thankfully there may be a relatively easy solution. Cloud computing can provide the security that companies are searching for.

With security skills in high demand and short supply, many organisations are now looking to the cloud not only as a more cost effective option and a catalyst for digital transformation, but also as a more secure environment.

Previously organisations have needed to spend countless hours researching threats and trouble-shooting aging on premises systems, only to find themselves vulnerable to threats either from the inadvertent actions of staff (as with Phishing) or to worms and ransomware if patches were not rolled out quickly or efficiently enough.

Typically cloud providers have the security operations and skills to respond quicker to threats, allowing their customers to focus on their own business operations instead.

The cost of cybercrime is mounting. Research by Kaspersky Lab has found a single ransomware incident can cost a company more than £550,000 ($713,000) on average, including not only the costs of paying the ransom, but also the related losses, such as value of lost data, the expense of improving infrastructure and the cost of repairing brand image. The recent ExPetya cyberattack hit more than 12,000 machines in over 65 countries.

In fact the average ransom demand at a little over $300 is relatively insignificant when compared to all the costs associated with recovering from a malware attack: cleaning up, restoring a back-up, and making sure the network is functioning.

Ironically, while security has always been seen as an inhibitor for cloud adoption, the reality is that cloud computing can actually be safer for a company than investing in its own cybersecurity.

The top cloud computing providers have the very best skills, tools and internal practices in place. For firms like UKCloud high levels of security and assurance are core to their business.

The main motivation for migrating to the cloud may originally have been cost saving, but security is rapidly becoming a key factor. After all specialist cloud providers are able to invest far more into the security of their infrastructure than their individual customers ever would or possibly could. They also have the talent in cyber security which their customers typically lack as well.

New EU directives are also threatening organisations with fines for not taking cybersecurity seriously enough. Firstly, the EU’s Network and Information System’s (NIS) directive focuses on boosting cyber defences for key service providers. One of the proposals is that firms could face fines of up to £17 million or 4% of global turnover, if they are proven to not have taken effective cyber security measures and this led to the loss of an essential service. Then there is also the EU’s upcoming General Data Protection Regulation (GDPR), which has recently been incorporated into the UK’s proposed new data bill, that allows the government to impose similar sized fines on firms for not effectively protecting personal data.

The first of these, NIS is aimed at organisations that “provide a service which is essential for the maintenance of critical societal and/or economic activities”, and so will impact those operating in the electricity, water, energy, transport, health and digital infrastructure sectors.

This means that if the NHS experienced another incident such as WannaCry, it would not only face the cost of the ransomware incident itself (costing as much as £550,000 on average for a single incident), but could also face massive fines under NIS for any interruption of service as well as possibly similar fines under GDPR for any loss of Patient Identifiable Data (PiD).

There has therefore never been a more compelling argument for migrating to the cloud – especially for those operating in the electricity, water, energy, transport, health and digital infrastructure sectors.