What’s the risk
of being unsupported?

We live in a time of increasing cyber-attacks and security breaches. As councils hold a wealth of their community’s data including credit card information, health-related data, ratepayer information and business and development proposals, they are prime targets for cyber-attacks.

A recent enquiry by the NSW government into cyber security found that 80 per cent of councils were without a cyber security policy or framework, while 76 percent had not delivered cyber security training to all staff.

When a council in the north-east of England was hit by a ransomware attack earlier this year, its IT servers were disabled for months. The attack left Redcar and Cleveland Borough Council’s website inoperable and some officials having to use pen and paper to keep services running. Almost all functions of the council were affected, and the required response and consequential impacts had a forecasted loss of £10.144 million.

Service interruptions aside, privacy breaches have serious ongoing effects, as Sydney property valuation and consulting business, LandMark White (LMW) discovered throughout 2019. When 137,500 valuation records were stolen from LMW’s database in January and posted on the dark web, banks and other property sector businesses were forced to inform customers about the breach. LMW was suspended from the Big Four bank panels until adequate cyber security measures were in place. The reputational damage was devastating and LMW lost an estimated $7 million in revenue. A forced three-month trading halt eventually resulted in a declared a full year loss of $2.3m, rather than the $2.8 profit it was expecting.

Reputational damage is a significant consequence to prepare for. According to a global study by Gemalto, up to 70 per cent of consumers would be more likely to abandon a brand after it experiences a data breach. This can be for various reasons, from feeling like their data is unsafe, to the organisation’s public response to the breach.

As the number of cyber-attack instances continues to grow, even tech companies are vulnerable.

The increased adoption of video conferencing in 2020 led to 500,000 compromised Zoom accounts being sold on the Dark Web and other hacker forums. The data was stolen through a credential stuffing attack, where the hacker attempts to access an account using accounts and information that have been previously compromised in other data breaches.

Chief Information Officer
G&C Mutual

In a world of hackers and cyber security, we needed to make a change and moving to SaaS has erased all of these issues for us.

Despite the increasing frequency of cyber-attacks and the fall-out they induce, certain myths persistently prevail that an on-premise environment is somehow more secure than the cloud and that all cloud-hosted offerings are equal.

In truth, most organisations are ill-equipped to deal with increasingly sophisticated cyber-attacks in-house and using a third-party Managed Service Provider (MSP) is no guarantee either. Security considerations are a current concern for many organisations, as support for Windows Server 2008 was officially withdrawn early 2020. Users will now pay for security updates under an annual fee structure which applies to a point no later than 2023. If you’re now considering a major server upgrade – either on-premise or via a third-party MSP – then it’s time to investigate alternatives.

When G&C Mutual Bank decided the time was right for an upgrade, several options were investigated. G&C Chief Information Officer, David Chapman said security was a chief concern.

“An assessment of our previous MSP environment resulted in a lot of red flags. In a world of hackers and cyber security, we needed to make a change and moving to Software as a Service (SaaS) has erased all of these issues for us,” he said.

The benefits of SaaS go beyond superior security. Committing to an on-premise or MSP cloud-hosted delivery model means it is difficult to stay on the latest version of the software – or undertaking a complex, costly and error-prone process to upgrade. As Boards are increasingly being asked to sign off IT security and privacy risk assessments, shifting to a highly accredited SaaS platform will significantly and demonstrably reduce the IT security and privacy risk profile.

SaaS delivers operational efficiencies, including automatic upgrades, patch management and compliance obligations. That means less time in-house spent on operational IT support, freeing up resources to be redeployed into other parts of the business.

For Chapman, the benefits are ongoing.

“The implementation has introduced business process automation that wasn’t possible before. The benefits we’ve experienced have come a lot faster than we initially thought and are far more effective than we believed they would be. It’s been a win-win all around,” he said.

Publish date

23 Nov 2020

Ready to learn more?

To take advantage of the opportunities SaaS ERP can offer, complete the form to speak to a SaaS transition expert.