Critical Business Systems Left Unmonitored & Insecure

New research reveals the extent of insecure and unmonitored business-critical operating systems, with 40 per cent of those surveyed noting that they do not include their business-critical systems such as SAP in their cyber security monitoring. A further 27 per cent were unsure if it was included in their cyber security monitoring at all.  

This is a big issue, since SAP serves as the core system behind every aspect of many business operations.

The recent survey by Logpoint has uncovered the security and cost implications businesses face with their existing IT infrastructure - not including this in the centralised security monitoring solution leaves organisations vulnerable and exposed to the risk of cyber threats.

“Considering that 77 per cent of global transactions touch a SAP system, protecting it against cyberattacks is vital. Organisations store their most critical assets within SAP and this data must be protected... SAP systems require extensive protection and security monitoring, and businesses need to ensure they have an integrated security operations platform that monitors all IT infrastructure to ensure they have complete visibility into their SAP system,” said Andrew Lintell of Logpoint. 

Furthermore, when asked how they currently review SAP logs for cybersecurity events or cyberthreat activity, almost 30 per cent of respondents admitted to not reviewing SAP logs in any way, and again, nearly 30 per cent said they didn’t know if this was being monitored.

Failure to do so can create a blind spot for businesses and make it challenging to detect and quickly respond to fraud and threats within SAP.

To add to this, only 23 per cent said the process of reviewing SAP logs for cybersecurity events or cyberthreat activity was automated through SIEM, with almost 19 per cent still doing so manually. “Bringing SAP systems under the remit of cybersecurity solutions can massively reduce the security risks and provide logs to aid any audit processes... Accommodating it within the SIEM, for example, can enable these applications to benefit from automation and continuous monitoring, as well as coordinated threat detection and response with log storage, and log management to assist in subsequent investigations,” Lintell said.

“The problem though, is that businesses are trying to fill the gaps in their cybersecurity stacks by devoting more spend to a growing litany of cloud security products, with many toolsets and features going unused or resulting in configuration failure and ultimately, data breaches that could be avoided.” Lintell added.

Other Findings: 

  • For those businesses looking to invest in cloud security, nearly 40 per cent of respondents regarded software licensing in the cloud as too expensive, with 24 percent declaring it led to unknown future costs.
  • Lock-in or lack of control with software licensing was also flagged as an issue by 22 percent, along with a lack of user-based licensing options by 14 percent, as the predominant model of charging is data usage-based.

The results indicate there’s an appetite for change in the way that cloud-based security services are offered, and businesses stand to benefit from a converged cost-effective form of cyber defence.

“Businesses must continue to build out their cloud presence and the market is seeing some natural consolidation as complementary technologies such as SIEM and SOAR converge" according to Logpoint. “There are cost effective options available, and a SaaS all-in-one solution can limit the costs associated with licensing, particularly if it’s based on the number of devices sending data, rather than on the volume of your data, which is where businesses are seeing costs escalate." Lintell said.

Logpoint:      Beta News:    GROVERWY

You Might Also Read: 

New Report: Average SIEM Deployment Is Over 6 Months:

 

« Using Artificial Intelligence In Military Operations
Zoom Can Expose You To Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

C11 Cyber Security & Digital Innovation Centre

C11 Cyber Security & Digital Innovation Centre

C11 is working with local and national partners to develop talent and bring brilliant minds and brilliant businesses together.

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

Get Indemnity

Get Indemnity

Get Indemnity are specialist insurance brokers with experience working on a wide range of innovative business insurance products that combine risk management, indemnity and incident response services.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Cyberfort Group

Cyberfort Group

Cyberfort exists to provide our clients with the peace-of-mind about the security of their data and the compliance of their business.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

Xact IT Solutions

Xact IT Solutions

Xact IT Solutions are a certified cybersecurity firm offering cybersecurity, compliance and managed services.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.