In SAPinsider’s latest
Cybersecurity focused research, the biggest factor for organizations when it comes to securing their SAP systems is the need to protect access to the data in those systems. However, almost as important is pressure to keep systems secure from ransomware and malware attacks. And when asked to rank the top cybersecurity threats to their SAP systems, the number one threat was that of ransomware attacks. Are you prepared for a potential cyber attack?
As an example of the growing threat of cybersecurity and ransomware attacks, recent
news articles highlighted growing attacker interest in VMware ESXi environments that have already begun hitting vulnerable systems around the world. While these threats are not directly targeting SAP systems, many organizations running SAP solutions are leveraging VMware virtual machines as part of their landscape. Attacks that can potentially impact ever virtual machine on a server or in a cluster can pose a significant risk to the enterprise.
The Risk of Cyber Attack is Real
While the number of respondents who experienced either a ransomware attack, credentials compromise, or cybersecurity attack that impacted their SAP systems seem relatively small when looking at the numbers individually, in combination they are much larger. For example, 24% of respondents from EMEA have experienced at least one of those attacks that impacted their SAP systems, 29% of those from North America have been impacted, and 39% of those from APJ have had some sort of cyber attack impact their SAP systems.
With security firms working in the SAP space,
such as Onapsis, talking about how the level of sophistication in attacks is increasing, and that attackers are more narrowly targeting specific systems and applications, organizations need to be aware that their SAP systems are at risk. Whether these attacks come from an attacker leveraging a known exploited vulnerability, such as those tracked in CISA’s
catalog of known exploited vulnerabilities, or there is a more targeted social engineering attack that targets individual employees, there are many ways in which an attack can succeed.
This is especially important when looking at how long it can take to restore business as usual in the event of an attack or exploit. While slightly more than half of those who indicated that they had been impacted by an attack (53%) said that they were able to restore business as usual within a week, for a quarter (25%) it was more than a month. Given the financial impact of SAP systems being unavailable can cost organizations thousands of dollars per hour, any organization that is not prepared for some sort of attack runs the risk of being exposed should one happen.
What Does This Mean for SAPinsiders?
Even if there is no expectation of a cyber or ransomware attack or a credentials exploit impacting your systems, it is critical that you put plans in place to prevent an attack. In addition, you must be aware of how you will respond to an attack should one occur. Some steps that are recommended include:
- Develop a plan for responding to an exploit should one occur and ensure it is rolled out
- Schedule regular education sessions for end users to help make them more aware of attack vectors
- Regularly conduct application security testing, particularly on your SAP apps
- Monitor threat intelligence feeds for insight on newly discovered exploits
- Implement patches on critical systems as soon as is practicable after they are released
Premium
