Watch out for silos in your cybersecurity
CYBERSECURITY
Watch out for SAP silos in your cybersecurity
BY TIM WALLEN
ERP is central to business operations, with 27 percent of employees using ERP systems regularly to perform their daily tasks.
This means unplanned, unmanaged downtime of business-critical applications can cause daily operations to grind to a halt, resulting in significant financial losses, productivity deficiencies and damage to brand authority and customer trust.
Given the potentially destructive implications, protecting ERP software and ensuring continuity of service is vital but as of today, our security measures cannot keep up with the pace of development in businesses. 80 percent of business leaders acknowledge that digitally fuelled innovation is being introduced faster than organisations’ abilities to secure it against cyberattacks, with companies experiencing 270 attacks on average in 2021 - a rise of 31 percent in 2020.
Many threat groups are now sophisticated nation-state actors. Backed by immense resources, enabling them to continually advance their arsenal of attack methods, they are increasingly engineering their techniques in order to infiltrate business-critical applications.
Without question, breaking into a business-critical application is like hitting a jackpot for an attacker. Yet, unfortunately, these malicious endeavours are all too often unobstructed, enabling threat actors to carry out truly devastating attacks with little to no resistance.
Cyber side-lined
A recent McKinsey paper explains that while many organisations have hardened their systems, they are still vulnerable to attack. This is because of a lack of understanding about these threats and how best to protect their business-critical applications. Cloud migration comes first, side-lining cyber. However, even when organisations do understand the risks, they fail to secure the ERP systems properly owing to the sheer size and complexity of the task.
Business-critical application environments are both intricate and expansive. Not only are they made up of a wide array of elements across process and workflow, master data and data warehouses, underlying computational infrastructure, and large storage networks, but they also comprise dozens if not hundreds of interfaces and integration points with other IT applications inside and outside of the organisation, each of which is a potential vulnerability.
This situation is further exacerbated by the fact that ERP systems are typically monitored separately from other IT infrastructure, prohibiting the necessary correlation of data. Companies are often simply unable to see what’s happening within the ERP and the data passing through to the interfaces present within other systems.
The success of ERPs is often reliant upon integration with other internal applications and external data sources, such as HR systems or logistics databases. However, security gaps emerge when an enterprise finds itself in the position where it has a lack of transparency over these interconnections.
Such interdependency issues are further compounded where any one ERP is often separate from a company’s other applications and infrastructure teams. Common instances of such separation occur between an operating team within IT and a process-design and process-maintenance team within a business unit such as finance. In such instances, each team is run like a silo within each organisation, creating even more interfaces between the security team and the ERP team.
Take SAP systems as an example. Leveraging something of an independent network that has its own unique rules, SAP applications use multiple logs to capture events relevant to security. However, not only do these use varied formats and structures, but the company also uses its own specific vocabulary to describe IT network equipment.
This lack of conformity with the security market at large makes it incredibly difficult for SAP to be part of an organisation’s central security strategy. While SAP does manage some of its own defences with an internal security information and event management (SIEM) solution, the key danger lies in the fact that it often remains siloed from a company’s wider security architecture, limiting the ability of security teams to monitor attack patterns effectively.
Blind spots
Concerningly, a recent Twitter poll saw 40 percent of respondents admitting that their enterprise does not include business-critical systems such as SAP in their cybersecurity monitoring. In addition, 27 percent were unsure if it was included in their cybersecurity monitoring at all.
Further, when asked how they currently review SAP logs for cybersecurity events or cyber threat activity, almost 30 percent of respondents admitted to not reviewing SAP logs in any way, and again, nearly 30 percent said they didn’t know if this was being monitored.
Given that SAP serves as the core business-critical application solution for many organisations, this is highly concerning. Indeed, not including this in the centralised security monitoring solution leaves organisations vulnerable and exposed to the risk of cyber threats.
Few companies recognise the importance of looking for divergent user behaviour in ERPs, making them a blind spot, with many executives simply unsure of where true ownership of business-critical applications lies.
Breaking down the silos and integrating business-critical applications as part of the central monitoring solution is therefore vital to improving ERP security.
By correlating SAP data with infrastructure data, it becomes possible to monitor events across the entire enterprise landscape. This holistic approach strengthens threat detection, enabling the organisation to respond to incidents at speed across various applications, protecting the SAP system from unnecessary damage.
Adopting BCAS
Fortunately, there are solutions capable of bridging this gap. A new raft of business-critical application security (BCAS) solutions are emerging, which mitigate threats quicker by incorporating business critical applications with IT security. These are designed to ensure critical software applications are monitored thoroughly and centrally, aligning people, processes and technologies to bolster visibility of all activities.
Not only can BCAS bring critical application activity under the central security monitoring of SIEM, but equally they are able to automate compliance monitoring of critical applications and unlock time efficiencies thanks to ready-to-use controls, checks, dashboards and comprehensive reports.
In the case of SAP, some BCAS solutions have been designed specifically to solve the language barrier, efficiently and effectively integrating SAP data into any SIEM system. When this divide between ERP and security is broken down, BCAs become empowered to benefit from an arsenal of solutions including SIEM, security orchestration, automation and response (SOAR) and user and entity behaviour analytics (UEBA), helping to unlock transformative threat insights.
By tapping into the respective benefits of each of these solutions, security teams are empowered to focus on important tasks, prioritising incidents to help analysts identify and resolve incidents fast and keep businesses safe.
Indeed, such technologies provide automated threat detection, investigation and response capabilities as well as accurate, risk-based analytics, assisting security teams in stamping out the threat of advanced attacks. Armed with this insight, the business is then in a position to respond much more effectively to, and mitigate threats, protecting ERP systems from avoidable damage.
Tim Wallen is regional director UK&I at Logpoint