How Prepared Are You for a Cyber Attack?
17 October 2018
There is a hacker attack every 39 seconds. The average cost of a data breach in 2020 will exceed $150 million. By 2020 we are going to have 35 zettabytes (that’s 1,000,000,000,000 gigabytes) of data, over a third of which will live in the cloud. Not surprisingly, the size and impact of data breaches will continue to grow exponentially.
A recent research study from Onapsis has revealed that cyber attackers are increasingly targeting ERP applications like SAP that support the organization’s crown jewels and house business-critical data. Companies with ERP applications like SAP are facing threats from increased ERP vulnerabilities, unintentional leaking of technical information, behind-the-firewall approaches to steal SAP credentials, poor password hygiene and hacktivists. And, this is just the tip of the iceberg.
Companies also have to contend with the most pervasive of all cyber attacks — the ones committed within the walls — insider attacks. Internal threats continue to grow with a five percent year-over-year increase. Multiple studies have revealed that companies are far from prepared for instances when an insider turns on the organization or makes an unintentional mistake. Compounding this challenge is the utter lack of visibility into a user’s access. Without understanding what the employee/user has access to and whether the privilege is being used appropriately, companies are at a complete disadvantage in fighting any potential insider attack.
Gartner forecasts that companies will spend $124 billion in 2019 on cybersecurity — a nine percent increase from 2018. But how can the IT security team ensure they are spending their budget judiciously?
Here is the homework that needs to be done before putting forth a cybersecurity strategy:
Assess all potential entry points for an attack
This requires visibility into all aspects of the organization’s attack surface – including the company’s ERP, CRM systems, etc. It requires security administrators to rigorously consider every entry point available to cyber attackers.
Define the risk appetite for the company
Every single company is susceptible to a cyber attack. When it comes to cyber threats, it is not a matter of if but when an attack happens. A recent study revealed that 99 percent of the companies felt vulnerable to an attack. Even with a holistic approach, companies cannot safeguard all assets at all times. Realistically, companies need to make peace with the outages they are prepared to accept, considering the industry they are in, the market they serve, the data they collect and the business impact they will need to face.
Identify the sensitive data that needs protection
The first step towards securing the company’s SAP system is understanding what the company’s high-value assets are and prioritizing security measures towards protecting them. A recent survey of SAP users revealed that over 40 percent of the companies felt protecting access to sensitive data and transactions was the most challenging of all GRC areas. Once identified, security resources can be prioritized to ensure this data remains protected at all times.
Determine how soon the attack can be contained
When a breach or attack does occur, a good security strategy should allow for immediate identification of the breach and should contain the issue within a short period of time. A recent study by Ponemon on the “Cost of a Data Breach” states that the average time to identify a threat is 191 days and the average number of days to contain risk is 66. However, these numbers are much higher when it comes to internal threats.
Companies need to adopt a holistic approach to cybersecurity that addresses both internal and external cyber threats, accommodates the rapid advancements in digital technology, and moves to a proactive approach rather than a knee-jerk reaction to an attack that has already taken place.
We have teamed up with security experts from Onapsis to present you with a comprehensive, holistic cyber security strategy that protects from both the inside and out. Check out our webinar: “Protecting Your Assets in SAP — A Holistic Approach.”