I recently carried out a small experiment to highlight the importance of having constant monitoring on cloud environments, specifically those with Azure resources exposed to the internet. What happened next should make every CFO and IT decision-maker sit up and take notice.
The Experiment: Creating a "Secure" Virtual Machine
The attached video shows me creating a Windows virtual machine using a pre-set configuration from Microsoft themselves. Surely this will keep me secure, right? After all, it's straight from the vendor - what could go wrong?
Here's the truth: I followed Microsoft's own out of the box setup to the letter. Standard security configurations, default settings, the works. The kind of setup that thousands of businesses deploy every day, thinking they're protected.
The Reality Check: Hackers Don't Sleep
It only took about an hour for the first attempt, on a device which didn't exist to the world only 60 minutes prior. Hackers were already trying to 'brute force' their way into the machine by using commonly used usernames and passwords.
Spoiler alert: After 3 hours 12 minutes, we're now up to 35,897 individual attempts.
.png?width=960&height=476&name=Untitled%20design%20(8).png)
It's only a matter of time before they gain access.
Who's Trying to Break In?
The potential hacker was trying to access from 88.210.63.57 | FOP Dmytro Nedilskyi | Amsterdam, North Holland (probably behind a VPN). This isn't some sophisticated nation-state actor - this is bog-standard cybercrime automation that runs 24/7, probing every exposed resource on the internet.
Think about that for a moment. Your "secure" cloud infrastructure is being hammered by automated attacks every single minute of every day. These aren't targeted attacks - they're carpet bombing every IP address they can find.
What Most Businesses Get Wrong About Cloud Security
The reality is that default configurations - even from Microsoft - aren't enough. Not even close. Most businesses deploy cloud resources thinking:
- "It's Microsoft, so it must be secure"
- "We've followed the setup guide"
- "Surely hackers won't find us"
Wrong, wrong, and catastrophically wrong.
How Cloud Care Prevents This Train Wreck
With Cloud Care, we ensure that appropriate controls are being implemented to provide additional layers of security and repeatable, automated deployments ensure consistency.
In this instance, we would have an enforced policy which restricts access from outside of the UK. Not only that, if the policy is changed to allow from outside of the UK for whatever reason, if it hasn't been approved by TSG then the policy will be re-implemented on the next cycle - typically minutes, rather than days, weeks or until somebody spots it.
The Financial Reality
One cyber incident costs more than 3 years of our service. We're not an expense - we're insurance that pays dividends through improved productivity and competitive advantage.
The average cost of a single cyber breach? £3.78 million. Factor in:
- Lost productivity during recovery
- Regulatory fines (up to 4% of annual turnover under GDPR)
- Reputation damage
- Customer compensation claims
- Emergency security consultancy fees
How Many of Your Cloud Resources Are Exposed Right Now?
How many businesses constantly eyes on checking that their environment is optimised?
Here's what we typically find when we audit cloud environments:
- 60-75% of resources are misconfigured or over-provisioned
- 40% cost savings available through proper optimisation
- Multiple security gaps that would make hackers' jobs embarrassingly easy
What Cloud Care Actually Does
Licensing: We procure M365 on your behalf, ensuring you have the right tools without the licensing nightmares.
M365 Optimisation: We report usage monthly to ensure you are only paying for the licences that your people use. Your users also have access to TSG Academy which provides free of charge training that will help them make best use of the licence you are paying for.
User Support: We provide your users with best-in-class support, so they stay productive while staying secure.
Azure Optimisation: We work with you proactively to minimise your Azure consumption - typically saving 20% on cloud costs.
Real Savings Our Clients Are Enjoying
- Healthcare services client: 60% immediate savings on cloud costs, with another 40-60% expected through ongoing optimisation.
- Professional services client: 77% savings on monthly costs while switching from capex to opex.
- Housing association: 47% savings on running costs plus an additional 17% consumption saving across their entire cloud environment.
The Uncomfortable Questions You Need to Ask
- Who looks after your cloud infrastructure?
- Who is responsible for ensuring that you only pay for what your users actually use?
- Who continuously monitors your network for malicious activity?
- If it's internal - are you satisfied that they have the time to fulfil that responsibility?
- If it's external - what does that cost on an annual basis?
- If it's nobody - are you aware of the increase in cyber crime?
The Choice is Binary
You can either:
- A) Continue with your current setup and hope those 35,897+ daily attack attempts never succeed, or
- B) Implement proper cloud monitoring, security, and optimisation that actually works.
What Happens Next
Every day of delay is a day of vulnerability. We can start with a risk assessment to show you exactly what you're exposed to right now - no commitment required.
Our Cloud Care service constantly monitors your systems for suspicious activity. We either alert you to issues that need more investigation - or resolve them on your behalf.
Don't make the decision based on what you hope your current setup can handle. Base it on what 35,897 hack attempts in 3 hours actually tells you about the reality of cloud security.
The proof of the pudding is in the eating. Come meet our people. Make up your own mind.
Want to see exactly what's probing your cloud infrastructure right now? Contact TSG for a no-obligation security assessment that will show you precisely what attackers can see and access in your current setup.