Prioritizing Cybersecurity During Slowdown

Insight from Layer Seven Security, Onapsis, and Rubrik on Cybersecurity Priorities

Key Takeaways

⇨ Evaluate ways to improve security preparedness with existing tools

⇨ Observe the changing threat landscape and direct efforts on mitigating threats

⇨ Implement a rigorous patching strategy and stay up-to-date

According to SAPinsider’s latest research on Cybersecurity Threats to SAP Systems, the current economic climate is adversely affecting organizations’ planned cybersecurity projects. While over a third (35%) report that some projects are on hold, 29% are scaling back planned investments in the cybersecurity space. But the impact goes beyond this as one in five organizations (18%) reported a reduction in the size of their security teams.

Jason Cook, Field CTO Americas at Rubrik, highlights similar challenges with the customers he is working with. “IT in general, and in particular cyber security, is not as well funded as it was last year,” Cook states. “It is a harder economy, and interest rates are high, so we see opportunities pushing out. There has been a slowdown in solutions acquisition but directionally demand is strong.”

However, Cook emphasizes that despite budget reductions, there is still a desire to address cybersecurity risks, especially at the point of data. This corresponds to SAPinsider’s research finding that two of the top five areas of planned security investments are data related: data security tools, second on the list of planned investments, and data encryption, which is fifth on the list. Both enable organizations to protect data in their SAP systems, often cited as a significant challenge due to cybersecurity threats.

Aman Dhillon, Managing Director at Layer Seven Security, concurs that buyers are still committed to addressing cybersecurity risks. However, cost is becoming a more important factor in their decisions. Organizations are focusing more on licensing costs and the total cost of ownership (TCO) when evaluating cybersecurity solutions. TCO includes factors such as hardware requirements, installation effort, ease of maintenance, and services such as training and support. They are also investing more time to evaluate solutions and are increasingly performing proof-of-concepts before selecting a solution. Customers are also seeking ways to leverage the security capabilities of their Application Lifecycle Management (ALM) platforms such as SAP Solution Manager since usage rights are usually included in SAP licensing.

Onapsis CTO JP Perez-Etchegoyen asserts that organizations must be aware that the change in the economy does not correlate with a reduction in cybersecurity threats. “There is no question that there has been a hit in the cybersecurity budget. But threat actors aren’t going to slow down because of a recession. The risk is real, and the impact is huge. We see threat actors targeting organizations even more now than before,” Perez-Etchegoyen contends.

However, Perez-Etchegoyen believes that there has been a gradual resurgence in cybersecurity investments. While there had been some hesitation about spending for the last two years, projects were not scrapped, but only experienced delays. Many organizations took this time to re-examine and reassess their projects. But now, organizations are revamping and restarting their cybersecurity initiatives due to the unrelenting growth in cyberattacks and systems vulnerability.

What Does This Mean for SAPinsiders?

Many organizations are facing reduced budgets this year, which can impact organizations’ cybersecurity preparedness. This is particularly true if budgets are reduced for security teams or plans to improve security are put on hold. Given these decisions are not always within the control of SAP or security teams, how can SAPinsiders better manage these situations and prioritize cybersecurity?

  • Evaluate ways to improve security preparedness with existing tools. Dhillon states, “organizations should realize that it is possible to have good, robust cybersecurity even in lean times.” A large part of this involves maximizing the value of existing security tools and solutions, particularly SAP solutions capabilities. SAPinsider’s events have hosted multiple sessions discussing ways to leverage SAP tools for security, which continue to be available to premium members. Additionally, SAPinsider and organizations like Layer Seven Security regularly publish articles and blogs about these topics that should be reviewed to help improve the usage of existing tools and capabilities.
  • Observe the changing threat landscape and direct efforts on mitigating threats. Cook mentions fatigue in the marketplace when it comes to ransomware or malware attacks. He states that “the real danger is holding the IP hostage.” Accessing the database on which an SAP system runs may be difficult, but accessing user files, data exports or transfer files, and personal or financial data can be much easier. And this type of data can be more damaging than accessing an SAP database in terms of impact length. This is why Cook says that following the activities of threat actors is important because organizations can then focus available resources on the most pressing threats.
  • Implement a rigorous patching strategy and stay up-to-date. A recent CISA advisory highlighted that in 2022, threat actors were more likely to exploit older software vulnerabilities than recently disclosed vulnerabilities. One of their top recommendations is timely patch application and implementing a centralized patch management system. But Perez-Etchegoyen states that “the speed at which organizations apply patches is often too slow.” This isn’t on purpose but can occur when multiple tools create confusion about whether or not a patch is required. This is why organizations must have a patching strategy that ensures vulnerabilities are addressed before they can be exploited.
