According to research recently released by Palo Alto Networks, attackers do have vulnerabilities that they prefer to target. In the 2022 Incident Response Report, just six CVE categories accounted for 87% of vulnerabilities being exploited, and in 55% of incidents where the vulnerability was identified it was the ProxyShell category that was targeted. And in the 2021 Attack Surface Management Threat Report, they found that attackers start scanning for vulnerabilities within 15 minutes of a CVE being announced. This is in addition to older, unpatched vulnerabilities that they may be scanning for as well. Not all of these necessarily impact SAP systems directly, but there are lessons that can be learned from looking at what attackers typically target.
Take Steps to Address Vulnerabilities
One of the biggest concerns that SAP customers have is around protecting the data in their SAP systems. And with two in five respondents to SAPinsider’s cybersecurity-focused research (41%) saying that they had experienced either a ransomware or malware attack, credentials compromise, or cybersecurity attack that had impacted their SAP systems, these threats need to be taken seriously by the SAPinsider community.
The fact that attackers are likely to exploit vulnerabilities correlates with one of the biggest challenges impacting SAPinsiders today: keeping up with patches and updates. This is more important than ever when it is clear not only that attackers regularly scan for known vulnerabilities, but also that they start scanning for new vulnerabilities within minutes of a CVE being announced. This means that organizations must make time to apply critical patches as soon as they are released by SAP. Failing to do so may mean that systems are already open to attack, but patching promptly can be extremely complex at global organizations where SAP systems must always be available and even planned downtime is difficult to schedule.
While many organizations are focused on the threat of ransomware attacks given their prevalence in the media over the past year, equal emphasis needs to be placed on other critical threats such as credentials compromise, often achieved via phishing attacks or bad password maintenance, and on keeping systems patched. Organizations must also leverage strategies like conducting regular audits and assessments, implementing automated monitoring solutions, and ensuring that they are effectively training end users to protect credentials. These strategies will help provide a foundation for better protecting the data in your SAP systems.
What Does This Mean for SAPinsiders?
New and existing vulnerabilities are some of the biggest concerns that organizations can have when it comes to attacks on their systems. These can be in business application software, at the operating system level, or in the exchange of information across the enterprise. But what can organizations do if they are to better protect their systems from potential attacks and ensure that the data in them remains secure?
- Develop a patching plan that includes the ability to respond to newly discovered vulnerabilities
- Regularly conduct audits and assessments of your systems, network, and applications
- Implement monitoring tools that will help detect unusual activity
- Monitor threat intelligence feeds for insight on newly discovered vulnerabilities
- Ensure that you pay attention not just to responding to ransomware or malware threats, but also remain focused on more traditional attack vectors such as known vulnerabilities