Reuters article on hackers highlights basic question overlooked by CIOs

It is high time you gave this issue serious thought rather than putting it on the back burner until it is too late.

Old technology does not only impede the scaling of business operations; going by Reuters’ report on a study by two cyber security firms, it is also an open door to hackers with a malicious eye on your valuable data.

The article titled ‘Study warns of rising hacker threats to SAP, Oracle business software’ published on July 25 [1] brings to the fore the threat of legacy technology.

Gaps due to patches

Legacy technology and multiple layers of overlapping technology stacks are the stuff of nightmares for the serious CISO, especially for those who do not regularly ‘patch up’, fearing disruption to “their manufacturing, sales or finance activities.” Risks could also arise from mistakes in linking “traditionally back-office business systems to the cloud in order to reach mobile or online users”.

Threats breed on festering issues

Gaps in technology are not overnight issues. They evolve over a period of time, primarily due to the mismatch between ever-growing operational and business requirements and devolving back-end technology. Not keeping up with the latest security patches and not upgrading as required creates issues that fester over time – the right places for threats to breed.

The magnification of a small gap in ERP

In the case of Enterprise Resource Planning software, such as SAP, a small gap could sink the entire ship. This is primarily due to the ‘enterprise-level’ expanse of the software, which connects processes and departments and, most importantly, is the storehouse of data. Thus, through a single gap, a hacker or any malicious element could easily find its way into the ERP system, eavesdrop and strike at the opportune moment. Worse still is a situation in which the hacker siphons off data without the CIO even knowing it till it’s too late!

The problem once they are ‘inside’ – the insider angle

Entry into a system through a gap also changes the angle of the data security problem. It then becomes a threat ‘inside’. Imagine this. Once a hacker gains access to a port and can listen to data transfers (initiated either by SAP applications or by external applications that support standard SAP data transfer protocols such as Remote Function Call (RFC) or Web Service), he is in a position to leak that data – a source of potential leaks that may be invisible.

Sounds far-fetched? It actually isn’t. There are, unfortunately, many examples of such attacks. Here is a popular incident that was in the news a couple of months ago. You would have heard about the settlement that US retail giant Target paid for the 2013 data breach. News reports state that it summed up to $220 million including legal fees and other associated costs – maybe more. But the important question here is: How did the data get out? Ostensibly, the credentials of a ‘heating, ventilation and air conditioning’ contractor from Pittsburgh were stolen. Using the credentials, the cyber criminals gained access to Target’s database, which included “customers’ full names, phone numbers, email addresses, home addresses and payment cards data such as expiration dates, encrypted security codes and encrypted PINs.”

In early 2014, the retailer’s IT department affirmed that the established IT security system had raised a high volume of alerts. However, due to the incredibly high volumes, the alerts were ignored. In March that year, the CIO, Beth Jacob, resigned, followed soon after by the chairman, Gregg Steinhafel.

Again, recent reports across the global media of yet another data breach by the National Health Service in the UK – this time about 150,000 records of patients who had categorically opted ‘out’ of sharing their medical details for research purposes – drive home the fact that data breaches continue to be a nightmare, whether they are by human design or automated.

What should be done?

In one line: Monitor your SAP data flow. But this is an open question.

Are you aware of what happens to your priceless data? Who accesses it? Who downloads it? What happens when it goes outside your secure SAP landscape?

More often than not, the answer is NO. But that’s not strange considering the old classification paradigms in use. The answer lies in being aware of your data downloads based not on ‘content’ but on ‘context’.

HALOCORE’s enhanced logging and auditing features allow enterprises to isolate their internal threats and reduce the risk of unwanted information exposure. All data download and extraction activity from SAP is aggregated into a fully customizable audit log, which can be extracted to powerful tools such as SAP Business Intelligence and Analytics solutions.

HALOCORE provides a seamless classification experience for any data extracted from SAP. HALOCORE intercepts the data being downloaded from SAP and applies fully customizable labels to the document metadata. HALOCORE ensures consistent and proper handling of documents downloaded from SAP throughout their life cycle.

So if you think your SAP data is truly secure, think again. You might have left a window open.

For more information, you can read about HALOCORE here.

References

[1] Study warns of rising hacker threats to SAP, Oracle business software

[2] The NHS accidentally disclosed 150,000 patients’ personal data

[3] Warwick Ashford, ‘US retailer Target agrees $18.5m data breach settlement’, ComputerWeekly.com, 24 May 2017
