Steps to protecting your organisation:
A security approach should be multi-layered, with barriers and lines of defence at every boundary: 'Defense in Depth'.
1. Start at the data and work outwards:
Think of a factory, at the perimeter you have a security fence with specific entry points, with security guards preventing access unless expected and authorised. Beyond the first barrier there will be areas only accessible to certain personnel, probably using badges or passes. People will be expected to have their badges on show to prove they are authorised. This means people are only getting access to areas they are supposed to be in.
Systems are no different, and the Principle of Least Privilege should be implemented. The Verizon 2021 Data Breach Investigations Report found that 85% of breaches involved a human element and more than 70% were directly attributed to Privilege Abuse. It seems obvious, then, that we should only be allowing people access to what they actually need in order to do their job.
Consider reviewing your SAP authorisations: do users have far-reaching access? How do you provision users, is there a controlled process in place? Does your offboarding process remove access from individuals immediately on termination, or in the event of a serious disciplinary procedure?
Review your layers of protection across the organisation: are they genuinely multi-layered, or does everything come down to a single gate-keeper?
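The two review questions above (who holds far-reaching access, and whether leavers lose access on termination) can be turned into a repeatable check. The script below is an added example, not from the original article or any SAP tool: it runs over a constructed user export and a constructed HR leaver list (field names are assumptions), flagging users holding a far-reaching profile and accounts still active after the person's leaving date. SAP_ALL and SAP_NEW are SAP's own broad composite profiles; which profiles count as "far-reaching" is a policy choice.

```python
"""Access-review check: far-reaching profiles and unlocked leaver accounts."""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Profiles treated as far-reaching for this review (assumed policy list).
BROAD_PROFILES = {"SAP_ALL", "SAP_NEW"}


@dataclass
class SapUser:
    name: str
    locked: bool                    # administrator lock set on the account
    valid_to: Optional[date]        # account validity end date, None = open-ended
    profiles: Set[str] = field(default_factory=set)


def review(users: List[SapUser], leavers: Dict[str, date],
           today: date) -> List[Tuple[str, str]]:
    """Return (user, reason) findings for the access review.

    leavers maps user name -> leaving date from HR (constructed here).
    """
    findings = []
    for u in users:
        broad = u.profiles & BROAD_PROFILES
        if broad:
            findings.append((u.name, "far-reaching profile: " + ", ".join(sorted(broad))))
        left = leavers.get(u.name)
        if left is not None and left <= today:
            # An account is still usable if it is neither locked nor expired.
            still_valid = u.valid_to is None or u.valid_to > today
            if not u.locked and still_valid:
                findings.append((u.name, f"left on {left} but account still active"))
    return findings


# Constructed sample data, not a real SAP export.
TODAY = date(2024, 3, 15)
SAMPLE_USERS = [
    SapUser("ALICE", False, None, {"SAP_ALL", "Z_FINANCE"}),   # far-reaching
    SapUser("BOB", False, None, {"Z_SALES"}),                  # leaver, still active
    SapUser("CAROL", True, None, {"Z_SALES"}),                 # leaver, locked: fine
    SapUser("DAVE", False, date(2024, 3, 1), {"Z_HR"}),        # leaver, expired: fine
    SapUser("EVE", False, None, {"Z_HR"}),                     # normal user
]
SAMPLE_LEAVERS = {"BOB": date(2024, 3, 1), "CAROL": date(2024, 3, 1),
                  "DAVE": date(2024, 3, 1)}

if __name__ == "__main__":
    for user, reason in review(SAMPLE_USERS, SAMPLE_LEAVERS, TODAY):
        print(f"{user}: {reason}")
```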
2. Keep systems and mechanisms up to date:
Ways of gaining access and exploiting holes in systems evolve continuously, so you need an approach for regularly updating your software, e.g. periodically, by exception on alert, or following a security notification. Are you monitoring vendor feeds for security updates? Do you monitor security news feeds for vulnerability outbreaks?
Patching and keeping software up to date should take place at each level of the access model, here’s a list for starters:
- Firewall systems;
- Anti-Malware and Anti-Virus systems;
- Operating and Database systems;
- Application software (SAP kernel and application layers) – check the SAP Security Notes;
- Monitor Application & Software Vendor sites constantly for alerts and fixes to vulnerabilities.
3. Prepare for a breach:
As we’ve said previously it’s not a case of if you’ll be the victim of an attack but when. The best form of defence is to accept that it will happen and prepare to limit the impact.
Think of your car; it has crumple zones, airbags, seatbelts etc. From the outset it is designed for a crash. Hopefully it doesn’t happen, but if it does the resulting injuries to the occupants will be minimised. This is the same for systems.
A finding from the Verizon report mentioned earlier was that whilst the number of attacks continues to grow, the impact of those attacks is reducing or being contained. Have detection systems in place, and be prepared to react to and control a breach when it occurs. Don’t wait until you’re attacked to find out where your vulnerabilities are.
4. Monitor & report:
Social engineering is the practice of manipulating people into revealing sensitive, confidential information for monetary gain or access to data.
Phishing is a social engineering technique used to entice users to click on links, download malware, or trust a malicious source. In 2020, almost one-third of the breaches incorporated social engineering techniques, of which 90% were phishing. Regular education, training and testing your staff to identify and prevent phishing attacks should be a priority.
SIEM tools such as SAP’s Enterprise Threat Detection, in conjunction with Splunk, provide the ability to identify, analyse and neutralise cyberattacks as they are happening, using real-time intelligence, before they damage your business infrastructure. Consider a tool providing this capability.
5. Identity & access management:
With the rapid increase in systems comes an equally rapid increase in the need to manage the increasing volume of passwords.
Good password practice and management are essential to securing your systems: don’t share passwords, enforce expiry dates, require complex patterns, and so on.
Introduce Two-Factor Authentication as a minimum or Multi-Factor Authentication if possible.
Consider using a password tool such as Delinea’s Secret Server to store, monitor and manage passwords (expiry dates, patterns etc.), and have a process and a tool to handle Privileged Access Management.
These are a few of the ways you can protect your critical systems across multiple levels. Stay safe!
__________________________________________________________________________
References:
1. FBI - https://www.ic3.gov
2. Deep Instinct - https://www.helpnetsecurity.com/2021/02/17/malware-2020/
3. Verizon 2021 Data Breach Investigations Report