Technical Articles
5 Key Cybersecurity Threats for 2020 and what to do with your SAP® system and application?
According to a study by Cybersecurity Ventures, cybercrimes will cost the world almost $6 trillion a year by 2021. In the last few years, cybercrimes have been in the news a lot with tech giants like Facebook becoming a victim of data and security breaches. This is why when it comes to cybercrimes, it’s not a question of ‘if’, it’s a question of ‘when’ it will happen.
Five key cyber threats that enterprises need to take seriously and should watch out for in 2020.
- Social Engineering Attacks
- IoT-Based Attacks
- Ransomware Attacks
- Internal Threats
- State-sponsored Attacks
For all the 5 Key Cybersecurity Threats there are solutions for your SAP system and application.
- Start by building your Management Dashboard on your company’s security policy in order to ensure the confidentiality of your business data & the authenticity of your users .
- Review monthly your SAP® Security overall health report and SAP® Security vulnerability report.
- Decrease the risk of a SAP® system intrusion by activating SAP® tools. GO HERE FOR MORE INFORMATION.
- System Security Parameters Activation
- Configuring and setting up UCON
- Guide to configure UI Masking and UI Logging for SAP User Interface (UIs)
- Protection for SAP® password hashes
- Secure your SAP® Cloud Connector® or SAP® Connect
- Activate CCLM DASHBOARD to identify vulnerable code before going to production and retire codes that no longer being maintain.
- Identify suspected Attack (Forensics) in real time using SAP® Enterprise Threat Detection. GO HERE FOR MORE INFORMATION.
I hope that the above high level information help you to kick start your journey in securing your SAP system and application. Don’t forget the key is to detect threats in real time or head of time before it is too late.
I would be curious to hear from anyone who has implemented #ETD at this point. How much administrative overhead has this introduced? How well does it integrate with SIEM's? What have you learned? etc.
Thank you for the comment, ETD is a full implementation project like any other implementation. You will need to go through the project lifecycle starting with the realisation until the GO-LIVE and you will need to make sure that your organization can sustain the system after the GOLIVE. During the discovery phase of the project a solution architecture positioning is required. Once that has been done then you will need to have a technical architecture diagram or document where you will identify the major elements based on the solution architecture. In particular, we need to focus on the integrations. Once that is done then you will need a blueprint. In the blueprint you will also determine requirements for additional FTE during and after the project. On the technical side, the initial implementation of HANA standalone system including the post steps (Security etc.) is not heavy. Where it becomes heavy is to identify your organisation’s security policy and map it to the ETD functionality. Different businesses need to identify which data are critical and which reports and programs are sensitive to them – it’s not a one size fits all solution. However, I can confirm to you that by default what it has is very well done since SAP uses the same tool internally. ETD 2.0 latest patch has been really improved for API with other SIEMS such as archsight. Once you complete the project, the security monitoring and taking actions on real time messages it will be an ongoing process. Of course like any other SAP system you will need to sustain it. I hope that I answered your question, if you like me to organise a live demo with SAP please let me know. If you have any other question please let me know. For more security option you can also go HERE.
Example of attack categories with ETD 2.0
Very Interessting and eyes opening Reza
Thank you , let me know if ever you need more information. BE SAFE!
Nice post! it is really very helpful for us. if anyone want to know the details about cyber security online training and certification