Flaws in Azure are a reminder of the downside risks of digitization. Only some companies are well positioned to manage them.

Summary

Two security flaws in Microsoft’s Azure App Services could have enabled a hacker to exploit two vulnerabilities—including taking over the administration server—according to a new report by Interzer. The flaws were reported to Microsoft in June and subsequently addressed by the company.

Report

Analysis

The report serves as a reminder that even top tier cloud services like Azure have security flaws that if exploited can result in significant operational disruptions. These disruptions have significant implications for C-suites and investors alike.

Cloud services like Azure and AWS are now critical infrastructure on par with the electricity grid. As we have highlighted previously, while cloud is essential and in most cases is the right (and unavoidable) choice for enterprises, it does introduce security challenges that must be properly addressed. The public cloud of “thousands of “someone else’s computers” that compose it are concentrated in the hands of a few cloud service providers (CSPs), according to a recent Carnegie Endowment for International Peace report.

With ransomware incidents on the rise, investors and C-suites would be prudent to understand how significant the potential downside financial risks are for companies if such an event occurs, and what measures are in place to minimize the likelihood of it happening.

The Capital One breach last year involving a misconfigured AWS server illustrates the risk. Capital One was a market leader in creating operational efficiencies with technology to lower overhead costs. A more detailed analysis, however, suggested the company didn’t re-invest enough of the cash it generated from technology savings back into making its network and cloud more secure. Fortunately for the company and its shareholders, a strong balance sheet gave the company plenty of cash to address its cyber vulnerabilities, unlike another financial services company—Finablr—which went bankrupt in the wake of its own breach.

Cyberhedge research (supported by our ratings) confirms that companies with overly complex IT systems are more at risk of being breached than those with more streamlined systems. This is true in part because more complex systems are more expensive and difficult to protect.

Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website