Critical Business Systems Left Unmonitored & Insecure

Uploaded on 2022-06-15 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

New research reveals the extent of insecure and unmonitored business-critical operating systems, with 40 per cent of those surveyed noting that they do not include their business-critical systems such as SAP in their cyber security monitoring. A further 27 per cent were unsure if it was included in their cyber security monitoring at all.  

This is a big issue, since SAP serves as the core system behind every aspect of many business operations.

The recent survey by Logpoint has uncovered the security and cost implications businesses face with their existing IT infrastructure - not including this in the centralised security monitoring solution leaves organisations vulnerable and exposed to the risk of cyber threats.

“Considering that 77 per cent of global transactions touch a SAP system, protecting it against cyberattacks is vital. Organisations store their most critical assets within SAP and this data must be protected... SAP systems require extensive protection and security monitoring, and businesses need to ensure they have an integrated security operations platform that monitors all IT infrastructure to ensure they have complete visibility into their SAP system,” said Andrew Lintell of Logpoint. 

Furthermore, when asked how they currently review SAP logs for cybersecurity events or cyberthreat activity, almost 30 per cent of respondents admitted to not reviewing SAP logs in any way, and again, nearly 30 per cent said they didn’t know if this was being monitored.

Failure to do so can create a blind spot for businesses and make it challenging to detect and quickly respond to fraud and threats within SAP.

To add to this, only 23 per cent said the process of reviewing SAP logs for cybersecurity events or cyberthreat activity was automated through SIEM, with almost 19 per cent still doing so manually. “Bringing SAP systems under the remit of cybersecurity solutions can massively reduce the security risks and provide logs to aid any audit processes... Accommodating it within the SIEM, for example, can enable these applications to benefit from automation and continuous monitoring, as well as coordinated threat detection and response with log storage, and log management to assist in subsequent investigations,” Lintell said.

“The problem though, is that businesses are trying to fill the gaps in their cybersecurity stacks by devoting more spend to a growing litany of cloud security products, with many toolsets and features going unused or resulting in configuration failure and ultimately, data breaches that could be avoided.” Lintell added.

Other Findings: 

  • For those businesses looking to invest in cloud security, nearly 40 per cent of respondents regarded software licensing in the cloud as too expensive, with 24 percent declaring it led to unknown future costs.
  • Lock-in or lack of control with software licensing was also flagged as an issue by 22 percent, along with a lack of user-based licensing options by 14 percent, as the predominant model of charging is data usage-based.

The results indicate there’s an appetite for change in the way that cloud-based security services are offered, and businesses stand to benefit from a converged cost-effective form of cyber defence.

“Businesses must continue to build out their cloud presence and the market is seeing some natural consolidation as complementary technologies such as SIEM and SOAR converge" according to Logpoint. “There are cost effective options available, and a SaaS all-in-one solution can limit the costs associated with licensing, particularly if it’s based on the number of devices sending data, rather than on the volume of your data, which is where businesses are seeing costs escalate." Lintell said.

Logpoint:      Beta News:    GROVERWY

You Might Also Read: 

New Report: Average SIEM Deployment Is Over 6 Months:

 

« Using Artificial Intelligence In Military Operations
Zoom Can Expose You To Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

Opscura

Opscura

Opscura (formerly Enigmedia) brings the reliable and cautious hands of operations together with the analytical minds of cyber experts and cryptography researchers.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

Protectimus

Protectimus

Affordable two factor authentication (2FA) provider. Protect your data from theft with multi factor authentication service from Protectimus.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

Gemserv

Gemserv

Gemserv is a specialist market design, governance and assurance services consultancy.

Living Security

Living Security

Living Security specializes in metric driven and engaging security awareness solutions that reduce risk by increasing security culture and changing employee behaviour.

Syskode Technologies

Syskode Technologies

Sykode Technologies is a next-generation global technology company offering an integrated portfolio of advisory services, products and solutions in areas including AI, IoT and Cyber Security.

Advisera 27001Academy

Advisera 27001Academy

Advisera is a market leader in providing documentation and online support for the implementation of business standards including ISO 27001, ISO 22301 and EU GDPR.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

Inflexor Ventures

Inflexor Ventures

Inflexor Ventures is a technology focused venture capital firm that invests in early stage companies from seed to Series-A+ stages.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

Kirk ISS

Kirk ISS

Kirk ISS are the leading provider of IT services in the Cayman Islands. We offer best-in class hardware, software, communications and cloud computing, all backed by professional services support.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.