SAP Security: The New Normal Dealing with the Internal Threat of Working from Home
Stephen McBride, Forbes Magazine contributor and editor of RiskHedge Report, predicts in his article that the largest cyberattack in history is likely to occur in the next six months, with the coronavirus laying the groundwork.
McBride explains that the more devices connected to a network, the larger the number of entry points, making it easier for hackers to access. With so many people working from home, firms had only days to cobble up remote work plans. System security planning often did not include planning around masses of remote workers, or the use of less secure home internet connections. Hackers only need to gain entry through one single unsecure point.
Hackers broke into the networks of America’s largest defense contractor, Lockheed Martin, by targeting remote workers. If they can infiltrate this system, you best believe remote workers with little security are easy pickings, he adds.
In the past couple months, hackers have targeted the US Department of Health. And attacks against the World Health Organization have more than doubled.
Cyber intelligence firm CYFIRMA revealed cyberthreats related to coronavirus shot up 600% from February to March. It’s only a matter of time before we hear about a major cyber breach, he says.
In his recent article, Reza Rassuli, SDA Inc. CEO and SAP technical advisor, mentions five key cyber threats that enterprises using SAP need to take seriously and should watch out for in 2020. These are social engineering attacks, IoT-based attacks, ransomware attacks, internal threats and state-sponsored attacks. He advises SAP users to place emphasis on detecting threats in real time, or ahead of time, before it is too late.
SAP themselves, in a recent Covid-19 response article, stress that enhanced cybersecurity is critical while the World Economic Forum has warned that cybercriminals have escalated their efforts to capitalise on the unfolding tragedy of Covid-19.
In this article we focus on a number of security activities that an organisation should consider to minimize the risk of the internal threat associated with remote working.
The ‘new normal’ high security risk of working from home should, therefore, be changing the way organisations view security.
There is a significant difference between accessing the SAP system from the office and from home, and that difference opens the door to vulnerabilities. Coupled with the increased likelihood of a breach (external), work from home is therefore likely to also increase the chance of a data leak (internal).
Some questions do arise. Will work-from-home change user behaviour? Without having a supervisor or work colleagues looking over one’s shoulder, will this lead to a change in user behaviour where users ‘explore’ what they have access to in the system? Are users going to be more likely to download data onto a memory stick if there is no one around to see?
It is fair to say that when employees are not in the office environment, many of them are likely to behave slightly differently. Remote working will be the catalyst for organizations to embark on SAP security activities that security professionals have been advocating for many years.
Five SAP security activities that organisations should place more importance on in this new era of remote working:
1. Appropriate user access:
Numerous organizations have outdated SAP role designs, where users have been assigned inappropriate access over the years in relation to their actual job function. To minimize the risk of both a breach and a leak, it is imperative that organizations follow a ‘zero-trust’ approach and ensure that users are assigned only the access their job function requires.
2. Rule set customisation:
Many organisations who implement an access risk solution make use of the standard rule set with minimal or no customisation. Customisation is necessary to ensure the rule set addresses the risks relevant to their organisation. For those organizations that do go through a rule set customisation project, many do not review (edit/update/adjust) the rule set again after the initial project. With the increased risk caused by remote working, organizations should place more emphasis on customizing the standard rule set to ensure that it covers the risks applicable to their organization, including data privacy risks.
3. Business Accountability of risk:
Organisations struggle with business buy-in and a lack of accountability for access risk from the business. This is often caused by a lack of understanding of the risks and their impact on the organization should they materialise. When the business does not understand the risks and the impact, the granting and approving of inappropriate access is likely to occur.
4. User Access Reviews:
The User Access review process requires businesses to review all users’ SAP access on a periodic basis. Most organizations perform this on an annual basis. With the increase in risk caused by remote working, ensuring users are assigned appropriate access must be done on a more regular basis. Many organizations will need to start performing periodic user access reviews, and the frequency of the reviews is likely to increase to be done bi-annually or even quarterly.
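Activities 1, 2 and 4 above all come down to evaluating a user's assigned access against a rule set and a job profile. The following is an added illustration (not Soterion's product code or SAP's own rule set) of how a customised access-risk rule set and a periodic user access review can be expressed in code; the transaction codes, risk ids, job profiles and users are constructed for the example.

```python
# Illustrative access-risk check (added example; rule ids, profiles and users are constructed).
# A risk is a set of conflicting functions; each function is a set of transaction codes (tcodes)
# that enable it. A user hits the risk when they hold at least one tcode from EVERY function.

# Standard (vendor-style) rule set covering classic segregation-of-duties risks.
STANDARD_RULES = {
    "P001": ("Maintain vendor master and post vendor invoice",
             ({"FK01", "FK02", "XK01", "XK02"}, {"FB60", "MIRO"})),
    "B001": ("Maintain bank master data and run payments",
             ({"FI01", "FI02"}, {"F110"})),
}

# Activity 2 (rule set customisation): add a data-privacy risk the standard set does not cover,
# here displaying HR personal data combined with generic table browsing/download tools.
CUSTOM_RULES = dict(STANDARD_RULES)
CUSTOM_RULES["D001"] = ("Display HR personal data combined with generic table access",
                        ({"PA20", "PA30"}, {"SE16", "SE16N"}))

# Activity 1: the access a job function actually needs (constructed profiles).
JOB_PROFILES = {
    "AP_CLERK": {"FB60", "MIRO", "FK03"},
    "HR_ADMIN": {"PA20", "PA30"},
}

# Constructed users: job function plus the tcodes their assigned roles grant.
USERS = {
    "JSMITH": ("AP_CLERK", {"FB60", "MIRO", "FK03", "FK02"}),   # FK02 accumulated over the years
    "AJONES": ("HR_ADMIN", {"PA20", "PA30", "SE16N"}),
}


def violations(user_tcodes, rules):
    """Return the ids of risks the user violates, in sorted order."""
    return [rid for rid, (_desc, functions) in sorted(rules.items())
            if all(user_tcodes & func for func in functions)]


def access_review(users, rules, job_profiles):
    """Activity 4: per user, report rule-set violations and tcodes outside the job profile."""
    report = {}
    for user, (job, tcodes) in users.items():
        report[user] = {
            "violations": violations(tcodes, rules),
            "outside_job_function": sorted(tcodes - job_profiles[job]),
        }
    return report


if __name__ == "__main__":
    for user, findings in access_review(USERS, CUSTOM_RULES, JOB_PROFILES).items():
        print(user, findings)
```

Running the review with the customised rule set flags AJONES for the added data-privacy risk, which the standard rules alone would miss.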
5. Activate Logging:
There are many different types of logging available in SAP that can provide useful information. Numerous organizations do not activate them due to performance or space concerns. With the increased risk of remote working, it is critical that certain categories of logging are activated.
Besides the basic Security Audit Log (SM20) filter for transaction starts, it is advisable to activate other filters such as generic access to tables (message IDs CUZ and DU9) or RFC calls accessing data in SAP. With data privacy becoming more topical because of legislation such as GDPR, CCPA, and POPIA, having the ability to identify who has displayed personal data becomes crucial, and the logging of this information can be configured by using the Read Access Logging (RAL) functionality in SAP.
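Activating the filters is only useful if someone evaluates the resulting events. The following added example (not SAP's or Soterion's code) shows the kind of triage a security team would run over exported audit-log events: it parses a constructed, simplified record format (pipe-delimited, not the real SM20 export layout) and counts generic table accesses (CUZ for dialog, DU9 via RFC) that touched tables holding personal data. The table list, users and terminals are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed SM20-style records (simplified layout, not the real export format):
# date time|user|terminal|message id|message text
SAMPLE_LOG = """\
2020-05-04 08:01:10|JSMITH|HOME-PC-1|AU3|Transaction FB60 Started
2020-05-04 08:15:42|JSMITH|HOME-PC-1|CUZ|Generic table access call to LFA1 with activity 03
2020-05-04 08:16:05|AJONES|HOME-PC-2|CUZ|Generic table access call to PA0002 with activity 03
2020-05-04 08:16:07|AJONES|HOME-PC-2|CUZ|Generic table access call to PA0008 with activity 03
2020-05-04 09:30:00|RFC_BATCH|APPSRV01|DU9|Generic table access by RFC to PA0002 with activity 03
2020-05-04 09:31:11|AJONES|HOME-PC-2|AU3|Transaction SE16N Started
"""

# Tables whose rows contain personal data (illustrative; an organisation maintains its own list).
PERSONAL_DATA_TABLES = {"PA0002", "PA0008", "LFA1"}
TABLE_ACCESS_IDS = {"CUZ", "DU9"}          # generic table access: dialog (CUZ) and via RFC (DU9)
TABLE_RE = re.compile(r"table access (?:call|by RFC) to (\w+) with activity (\d+)")
TCODE_RE = re.compile(r"Transaction (\w+) Started")


def parse(log_text):
    """Split the constructed records into dicts; blank lines are skipped."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, terminal, msg_id, text = line.split("|", 4)
        records.append({"ts": ts, "user": user, "terminal": terminal,
                        "msg_id": msg_id, "text": text})
    return records


def personal_data_reads(records, sensitive=PERSONAL_DATA_TABLES):
    """Per-user count of generic table accesses (CUZ/DU9) that hit a sensitive table."""
    counts = Counter()
    for rec in records:
        if rec["msg_id"] not in TABLE_ACCESS_IDS:
            continue
        match = TABLE_RE.search(rec["text"])
        if match and match.group(1) in sensitive:
            counts[rec["user"]] += 1
    return dict(counts)


def transactions_started(records):
    """Per-user list of transaction codes started (the basic transaction-start filter)."""
    started = defaultdict(list)
    for rec in records:
        match = TCODE_RE.search(rec["text"]) if rec["msg_id"] == "AU3" else None
        if match:
            started[rec["user"]].append(match.group(1))
    return dict(started)
```

The per-user counts give reviewers a starting point for activity 4: a user whose table reads of personal data do not fit their job function is a candidate for closer review.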
If you’d like to know how Soterion can assist you with managing SAP security issues discussed in this article please email [email protected]. We look forward to assisting you.
About Soterion
Established in 2011, Soterion is a leading provider of governance, risk, and compliance solutions for organisations running SAP and specialists in Security and Risk. Soterion’s award-winning user-friendly GRC solutions provide SAP customers with in-depth access risk reporting to allow organizations to effectively manage their access risk exposure.
Soterion is passionate about simplifying the governance, risk, and compliance processes, with a focus on translating this complexity into a business-friendly language to enhance better decision making and business accountability.
The threat of economic crime is a very real concern for all organizations, regardless of their size, sector or region. However, the cost and complexity of GRC tools are often a challenge for many SAP companies. Soterion’s product suite has a number of deployment options both as a subscription model as well as an outright purchase option:
- Soterion On-Premise: For customers looking for market leading on-premise access risk software.
- Soterion Cloud: Soterion’s GRC suite hosted in Soterion’s data centres.
- Soterion GRC as a Managed Service: For customers looking to combine ‘on-tap’ GRC expertise with Soterion’s GRC suite.
About Dudley Cartwright – CEO of Soterion
Dudley has spent the majority of his career working in SAP security and risk, starting as an independent SAP security consultant and working his way up to providing SAP security advisory services for the big 4 audit firms.
With his strong technical and audit experience combined with vast knowledge in Governance, Risk and Compliance (GRC), Dudley co-founded Soterion – a company solving GRC for SAP companies. By understanding each customer’s unique set of needs and requirements, Dudley has a passion for providing and implementing ‘fit-for-purpose’ GRC solutions that add real value to the organization. With a special focus on Access Risk Management, Data Privacy, and SAP Role Designs, Soterion assists organizations across all industries and all geographies to achieve SAP Authorization Compliance.
Media Contact
Company Name: Soterion
Contact Person: Dudley Cartwright
Phone: +27 11 540 0232
Address: 17 Muswell Road South, Wedgefield Office Park, Block A, Bryanston Dr
City: Johannesburg, 2021
Country: South Africa
Website: soterion.com