What are the primary factors that can lead to SaaS downtime for your business? What can downtime cost your business? We have all heard the expression, “time is money.” When it comes to losing access to business-critical data, this is undoubtedly the case. Downtime due to a data disaster can devastate a business such that it may not recover. It underscores the importance of understanding the significant factors that could cause downtime for your business and having the tools and solutions in place to recover. It includes cloud SaaS environments.
How much does SaaS downtime cost?
The bottom line for each business is different. There are various factors that each company must take into account when performing a cybersecurity risk assessment and determining the cost of downtime to the business.
According to a Gartner report in 2014, the average cost of IT downtime is $5,600 per minute. At the low end, downtime can cost $140,000 per hour, $300,000 in the middle, and $540,000 per hour at the top. Keep in mind that these figures are from 2014. More recent reports raise the $5600 per minute estimate to closer to $10000 per minute. Those figures could even be higher today due to several factors, including the rise of ransomware, compliance penalties, and other factors.
Factors leading to downtime in cloud SaaS
Cloud Software-as-a-Service (SaaS) environments are wildly popular today. Businesses are migrating to the cloud in droves. Especially since the onset of the global pandemic, cloud services and solutions give companies the speed, agility, and flexibility that are hard to achieve on-premises.
With this move, cloud SaaS environments and other cloud solutions have become mission-critical. Businesses now rely on the cloud’s data, services, and solutions for business-critical activities and day-to-day operations, especially since the significant shift to the remote workforce.
With this reliance on cloud SaaS and other solutions, organizations must understand the primary risks for data loss in cloud environments. Without understanding the source of the risks to data, it is difficult to protect from data loss events adequately. What are the primary factors leading to downtime in cloud SaaS? Let’s consider the following:
- Human error
- Ransomware and cyberattacks
Human error is inevitable. For decades, organizations have dealt with the missteps and mistakes of employees and the resulting data loss. Unfortunately, employees may update, delete, and modify data they didn’t intend to change. Data loss can range from the loss of a single file, a folder, or an entire company database.
A quick google search on human error disasters yields pages upon pages of results similar to “Man accidentally deletes his entire company with one line of bad code.” So, it can happen at the hands of both those who are technically skilled and those who are not.
Human error is commonly cited as the leading cause of data loss and data breach events. A post by The Hacker News called “Why Human Error is #1 Cyber Security Threat to Businesses in 2021” stated:
Almost all successful cyber breaches share one variable in common: human error. Human error can manifest in a multitude of ways: from failing to install software security updates in time to having weak passwords and giving up sensitive information to phishing emails.
While most of the human error events can be considered mistakes and accidental, damage to business-critical data can also happen intentionally. For example, a disgruntled employee can take out frustration and rage against an organization by intentionally damaging data or taking systems offline.
Disgruntled employees with malicious intent don’t require cyber skills. Any inside employee already has a general knowledge of the organization’s systems, software, applications, and physical infrastructure. They also may have the trust of coworkers around them so as not to raise the alarm when they do things that are a bit abnormal, like walking into a server room. Disgruntled system administrators are even more dangerous since they generally have high-level administrative access to business-critical systems.
Cloud SaaS environments may seem impervious to the dangers that come from human error. However, in reality, most of the same risks from human mistakes can wreak havoc on cloud SaaS as well. Keep in mind cloud SaaS is simply your data in someone else’s data center running in their application stack.
Ransomware and cyberattacks
An alarming threat is on the rise and is wreaking havoc on businesses worldwide. Ransomware and cyberattacks have been steadily increasing in frequency, targets, and sophistication. In a PBS news post, it was stated:
“Between 2019 and 2020, ransomware attacks rose by 62% worldwide, and by 158% in North America alone, according to cybersecurity firm Sonicwall’s 2021 report. The FBI received nearly 2,500 ransomware complaints in 2020, up about 20 percent from 2019, according to its annual Internet Crime Report. The collective cost of the ransomware attacks reported to the bureau in 2020 amounted to roughly $29.1 million, up more than 200 percent from just $8.9 million the year before.”
Ransomware is undoubtedly on the rise, and criminals are setting their sights on large organizations with the cash to payout millions to get their data back. However, like other data loss culprits, we have already mentioned, ransomware is not just an on-premises problem. Modern ransomware variants are increasingly adding cloud SaaS capabilities. These allow ransomware gangs to leak and lock data in Gmail, Exchange Online, SharePoint, Google Drive, and OneDrive for Business, just to name a few.
How attackers can target cloud SaaS data
As mentioned, businesses are leveraging cloud services more than ever. Criminals know this and are steadily adjusting their tactics to target data housed in the cloud. Attackers can target cloud SaaS data with ransomware using:
- File synchronization
- Malicious cloud SaaS apps
File synchronization can threaten cloud SaaS data. For example, suppose an end-user client is attacked with ransomware. In that case, local files are encrypted by the ransomware attack and then synchronized to the cloud, overwriting the good copies of your data.
Malicious cloud SaaS apps are the more accessible and common way cloud SaaS data can be encrypted with ransomware. Cybercriminals use clever phishing emails to masquerade malicious cloud SaaS applications as legitimate, even trusted applications.
An unsuspecting end-user opens the email and is directed to grant the cloud permissions needed to the application so it can “properly install” into the environment. Instead, unbeknownst to the end-user, they are giving OAuth cloud authorization to the malicious cloud application containing ransomware.
This type of attack is becoming more common as organizations move data to cloud SaaS and have no cybersecurity risk assessment and control process for third-party applications installed in their cloud SaaS environment. Alarmingly, by default, both Google and Microsoft allow any user to install any application. This combination of factors becomes a breeding ground for drastically increased risk from cloud ransomware, resulting in data loss and data leak.
Ransomware attacks can lead to downtime that lasts hours, days, and even weeks in some cases. Some businesses never recover from the overall damage of a ransomware attack. Based in Sherwood, Arkansas, USA, the Heritage Company let 300 employees go after suffering a major ransomware attack.
In a statement from the company’s CEO:
“The ONLY option we had at this time was to close the doors completely or suspend our services until we can regroup and reorganize and get our systems running again. Of course, we chose to suspend operations as Heritage is a company that doesn’t like to give up”
If there are no proactive measures in place to stop or limit the scope of a ransomware infection, large quantities of data may be affected and require extended time to perform recovery. Recovering an entire data set from backups can be painfully slow. However, the alternative is bleak – negotiating with criminals and paying the ransom demanded.
Double encryption threat
Microsoft’s 2021 Digital Defense Report noted new ransomware tactics include double extortion. First, criminals extort money to recover encrypted data, and second, to keep the data from being leaked to the dark web. Criminals continue to find new and creative ways to extort money from victimized organizations.
Even if companies have the backups required to recover the encrypted data, cybercriminals are now exfiltrating the data first, so they have a good copy of the data to filter through and leak for additional leverage. Therefore, companies must proactively minimize the damage caused by ransomware to reduce the encryption and exfiltration risk.
Another factor that can affect downtime is cloud SaaS throttling. Both Google and Microsoft implement throttling by customer tenant organizations in their respective cloud SaaS environments to avoid the “noisy neighbor” situation. Under normal circumstances, throttling API connections to cloud SaaS environments is a good thing that prevents any single organization from affecting the performance of all other tenants.
However, when you are in a data loss scenario, the last thing you want to encounter is API throttling when you are working to recover your data from backups. However, this can certainly be a factor that leads to extended downtime for businesses affected by data loss events, such as at the hands of ransomware.
You can note Microsoft’s guidance on Microsoft Graph Throttling and important points customers need to keep in mind here:
Minimize cloud SaaS downtime
There are many things organizations today can do to minimize the risk to their cloud SaaS data and resulting downtime if disaster strikes. Having the right solutions in place for data protection and data security help to minimize the damage inflicted at the hands of ransomware or other cybersecurity risks and, by extension, minimize the SaaS downtime as a result.
SpinOne is a SaaS Security Posture Management (SSPM) solution that uses artificial intelligence (AI) and machine learning (ML) to protect your cloud SaaS environment intelligently. SpinOne provides several key capabilities that prevent widespread and extended downtime. In addition, it combines capabilities such as automated cloud backups and proactive ransomware protection.
SpinOne data protection
- Automated backups 1-3 times daily
- Choice of which cloud backup data is stored
- 100% recoverability of data
- Searchable backups to find needed files
- Backup encryption, both in-flight and at-rest
SpinOne provides automated backups for business-critical SaaS data
SpinOne automated ransomware protection
- Proactively searches for ransomware infection
- Blocks SaaS ransomware processes at a network level
- Searches for files affected by a ransomware attack after it is blocked
- Automatically recovers good copies of files from backup
- It automatically notifies administrators
SpinOne Ransomware Protection provides proactive ransomware protection for cloud SaaS
Protecting SaaS data in cloud services like Google Workspace, Microsoft 365, and Salesforce is your responsibility. Stay safe and schedule a demo.