Friday 10 July 2015

Why We Need In-depth SAP Security Training

SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.


One of the biggest cybersecurity surprises of note is the large number of breaches announced this year that, according to fact-finding at The Onapsis Research Labs, were exposed through SAP and other enterprise ERP systems.

A month ago, new evidence came to light about a high profile two-year-old breach at US Investigations Services (USIS), a contractor in charge of conducting federal background checks. The USIS breach made headlines because it was the first public proof that an SAP vulnerability was the origin of an attack leading to the theft of personal information about federal employees and contractors with access to classified intelligence.

Weeks later we heard about a new breach, this time directly against the Office of Personnel Management, compromising 4 million current and former federal employees’ personal information. Subsequent reports disclosed that the exposed information could be even more widespread. In a letter to OPM Director J. David Cox, national president of the American Federation of Government Employees (AFGE) claimed “Based on the sketchy information OPM has provided, we believe that the Central Personnel of Data File [CPDF] was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.”

These are not isolated cases. And while I cannot confirm which kind of system OPM is using for the CPDF database, taking into account public information, most likely OPM is using an ERP-based system to hold and report federal employment statistics.


More concerning, the last few weeks have shown that business-critical applications are rapidly becoming one of the most valuable targets for cybercriminals and cyberespionage. SAP and Oracle are releasing tons of patches every month, but are enterprises up to the task? Because these enterprises run complex infrastructures, and patching and configuration are complex tasks, I have my doubts.

In order to properly secure these enterprise applications against these and other threats, many things need to happen within a company, among them:

a strict patch management process, security and configurations change management processes, and a security threats monitoring program.

There are also many actors within the SAP security landscape, all of whom need to understand the latest cybersecurity risks affecting SAP systems.

Four key issues for key players include:

To learn what the issues are, visit http://www.darkreading.com/application-security/why-we-need-in-depth-sap-security-training/a/d-id/1321139
