Consequences of an inadequate data center security

SpaceDC Blog.jpg

“If a data center doesn’t prescribe to Murphy’s Law – that is operating under the assumption that anything can go wrong will go wrong- you shouldn’t be entrusting them with the security of your data.”

As we step into the era of technology, data has become businesses’ greatest asset. In our previous blog, Data center security: Threats against operability, we explored four areas companies must consider when selecting a facility to keep their information safe. But what happens if your data center is not adequately equipped? Here, we highlight the consequences a lack of security infrastructure can have on organizations.

Disruption to operations

In 2012, Hurricane Sandy took out at least eight data centers in Manhattan, New York. InterNAP's data center along Broad Street was submerged by floodwater, causing connectivity and server issues. Customers were even urged to shut down servers immediately. Datagram was among the worst hit by the hurricane. The NYC-based Hosting and Internet Services Provider suffered flooding in the basement of their facility, taking out servers hosting BuzzFeed, Huffington Post, Gawker and other sites. The lack of mitigation infrastructure to combat such natural disasters at these data centers left organizations like the United Nations and Bloomberg News unable to function.

An Infrascale survey conducted in May 2020 on small and medium businesses (SMBs) revealed more than a third (37%) of SMBs lost customers to downtime, highlighting the importance for a business to have a reliable and secure infrastructure preventing such situations from arising. Downtime affects any company that depends on online sales, as this means customers are unable to purchase products and services, which ultimately leads to loss in revenue.

Monetary loss

Cognizant, one of the largest providers of server hosting and IT services in the US, was a victim of a ransomware incident which negatively impacted its Q2 revenue in April 2020. Access to a series of services was cut and their servers were eventually inaccessible. Karen McLoughlin, Cognizant Chief Financial Officer said they expect this downtime to be within a range of USD $50-70 million for the quarter. In March last year, aluminium producer Norsk Hydro, also reported a ransomware incident, which cost total revenue losses of more than USD $40 million – a sum later adjusted to $70 million.

Marriott has also disclosed yet another security breach in April 2020 that exposed personal information such as names, birthdates, phone numbers and loyalty account numbers. This comes on the heels of their 2018 data breach, where a security investigation concluded that there was “unauthorized access” to a database holding hotel guest records. In 2019, UK authorities fined Marriott more than £99 million for the incident in 2018.

IBM's study of over 500 data breach victims — conducted by the Ponemon Institute — shows that most organizations incur only about two-thirds (67%) of their data breach costs in the first 12 months. They spend 22% in the second year and the remaining 11% more than two years after the incident as fines and legal fees accumulate in the years following a breach, and not in the immediate aftermath of one.

More attention is needed for data center security infrastructure, as there is no room for complacency in today’s evolving cybersecurity landscape when the consequences of a security breach could result in significant losses.

Reputational damage

The consequences of a data breach goes beyond potential fines. The reputational damage is just as devastating.

Following major revelations on Twitter in October 2019, VPN provider NordVPN confirmed it was hit by a security breach in March 2018. NordVPN admitted that it learned of the attack in April 2019, more than a year after it happened, but the company only went public some six months later in October 2019, after details were exposed on Twitter. NordVPN claims the breach was due to a fault by the data center that let an undisclosed IPMI (Intelligent Platform Management Interface) account to access the server.

Research has shown that up to a third of customers in retail, finance and healthcare will stop doing business with organisations that have been breached. Presently, with the advent of technology, information dissemination is almost instant, and organisations can become a global news story within a matter of hours of a breach being disclosed. Striving to restore the trust and confidence between stakeholders after a data breach is one of the most difficult task a company must overcome. Reputational damage is long-lasting and can have an impact on an organisation’s ability to attract new customers, future investment and new employees to the company.

An ICO survey conducted in 2020 found people are increasingly likely to choose service providers based on how their business critical data is protected, and some 73% of respondents mentioned they would hold companies responsible for data breaches involving their personal information. This shows the importance that we place on the security of our data. In other words, data centers must incorporate security measures from the ground up to protect the data of their customers.

SpaceDC understands the importance of security and we ensure our data centers are built to international standards. With 8 different layers of physical access controls at our facility and extensive protocols meeting TVRA standards, it is SpaceDC‘s top priority to safeguard your data all the way from design to mitigating threats.

Discover how SpaceDC maximizes security in our whitepaper or contact us for more information.