Critical Business Systems Left Unmonitored & Insecure

New research reveals the extent of insecure and unmonitored business-critical operating systems, with 40 per cent of those surveyed noting that they do not include their business-critical systems such as SAP in their cyber security monitoring. A further 27 per cent were unsure if it was included in their cyber security monitoring at all.  

This is a big issue, since SAP serves as the core system behind every aspect of many business operations.

The recent survey by Logpoint has uncovered the security and cost implications businesses face with their existing IT infrastructure - not including this in the centralised security monitoring solution leaves organisations vulnerable and exposed to the risk of cyber threats.

“Considering that 77 per cent of global transactions touch a SAP system, protecting it against cyberattacks is vital. Organisations store their most critical assets within SAP and this data must be protected... SAP systems require extensive protection and security monitoring, and businesses need to ensure they have an integrated security operations platform that monitors all IT infrastructure to ensure they have complete visibility into their SAP system,” said Andrew Lintell of Logpoint. 

Furthermore, when asked how they currently review SAP logs for cybersecurity events or cyberthreat activity, almost 30 per cent of respondents admitted to not reviewing SAP logs in any way, and again, nearly 30 per cent said they didn’t know if this was being monitored.

Failure to do so can create a blind spot for businesses and make it challenging to detect and quickly respond to fraud and threats within SAP.

To add to this, only 23 per cent said the process of reviewing SAP logs for cybersecurity events or cyberthreat activity was automated through SIEM, with almost 19 per cent still doing so manually. “Bringing SAP systems under the remit of cybersecurity solutions can massively reduce the security risks and provide logs to aid any audit processes... Accommodating it within the SIEM, for example, can enable these applications to benefit from automation and continuous monitoring, as well as coordinated threat detection and response with log storage, and log management to assist in subsequent investigations,” Lintell said.

“The problem though, is that businesses are trying to fill the gaps in their cybersecurity stacks by devoting more spend to a growing litany of cloud security products, with many toolsets and features going unused or resulting in configuration failure and ultimately, data breaches that could be avoided.” Lintell added.

Other Findings: 

  • For those businesses looking to invest in cloud security, nearly 40 per cent of respondents regarded software licensing in the cloud as too expensive, with 24 percent declaring it led to unknown future costs.
  • Lock-in or lack of control with software licensing was also flagged as an issue by 22 percent, along with a lack of user-based licensing options by 14 percent, as the predominant model of charging is data usage-based.

The results indicate there’s an appetite for change in the way that cloud-based security services are offered, and businesses stand to benefit from a converged cost-effective form of cyber defence.

“Businesses must continue to build out their cloud presence and the market is seeing some natural consolidation as complementary technologies such as SIEM and SOAR converge" according to Logpoint. “There are cost effective options available, and a SaaS all-in-one solution can limit the costs associated with licensing, particularly if it’s based on the number of devices sending data, rather than on the volume of your data, which is where businesses are seeing costs escalate." Lintell said.

Logpoint:      Beta News:    GROVERWY

You Might Also Read: 

New Report: Average SIEM Deployment Is Over 6 Months:

 

« Using Artificial Intelligence In Military Operations
Zoom Can Expose You To Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

Babble

Babble

Babble is a Unified Comms, Contact Centre and Cyber Solutions provider. We believe in making next-generation technology simple to use, deploy and manage.

Atlas VPN

Atlas VPN

Atlas VPN is a highly secure freemium VPN service with a goal to make safe and open internet accessible for everyone.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

Redport Information Assurance

Redport Information Assurance

Redport Information Assurance is an information assurance and cyber security solutions provider offering integrated business solutions for all levels of government.

Astra Cybertech

Astra Cybertech

At Astra Cybertech, we're more than just cybersecurity experts - we're your partners in safeguarding your digital assets.