4 Questions to Ask Our Experts at RSA

Our team will be at RSA in San Francisco discussing hot topics in security strategy and invite you to stop by our booth #5464 to ask us all your pressing questions about ERP security. What does that even mean? Or why should you care? Here are a few to get the conversation started!

I have sufficient perimeter security measures in place, why do I need ERP security?

Traditional security measures that focus on the perimeter are an important part of your overall approach, but despite their importance, they can’t be solely relied upon. Focusing only on the perimeter can leave critical blind spots exposed in your business-critical ERP applications.

ERP systems are a prime target for external threat actors. Many organizations don’t have a security plan in place for these systems, yet we know ERP attacks are happening. Critical information is being accessed, having a devastating impact on organizations’ financial well being and reputation. To reduce your cybersecurity risk, you must secure the critical data housed in your ERP…nothing else matters.

The bottom line is that $16 trillion dollars a day is processed by SAP and Oracle ERP systems, so do you really want to risk it?

Why should I care about cybersecurity for my ERP applications during my digital transformation project?

Digital transformation is happening at every level of an enterprise. The goal of these projects is to improve efficiency, enhance customer experience and increase profitability. The success of these initiatives will ultimately require connectivity and modernization of an organization’s ERP system, which track business resources such as raw materials, production capacity and operations such as purchase orders and payroll.

90% of the world’s enterprises run their core business applications on SAP or Oracle ERP platforms, both applications that are moving towards the cloud.

During these transitions, teams need application transparency, operational awareness, and system strength to securely transform their most critical business applications and systems. Onapsis research has shown that including cybersecurity at each phase of your transformation can save you up to 5x the cost of the project.

How do compliance requirements fit in with my efforts to secure my ERP systems?

If you became the victim of an ERP attack, would this become a legal or compliance liability for you? For example, think GDPR is just another regulation? Think again!

We already know that ERP is where all your critical data sits – if it gets breached, you only have 72 hours to report it and take action, so you don’t incur the fine. Programs around log management, incident response and monitoring, which are specifically called out in the articles of GDPR, need to be included in your overall ERP security strategy.

CISOs must align with audit teams to mature the organization’s cybersecurity strategy and maintain compliance within ERP systems. An automated incident response and monitoring solution specifically geared around SAP is required to get and stay compliant.

Take action to understand the risk in your SAP and Oracle systems to safeguard compliance and avoid cyber attacks.

How can Onapsis help me understand my current level of risk within my ERP systems?

Risk can mean different things, whether we’re talking about the possibility of a system becoming unresponsive or an active attack that leads to external control – what visibility do you have into the current risk your ERP systems face and how do you monitor it over time?

Onapsis’s Business Risk Illustration (BRI) is a complementary assessment of your ERP systems to help frame the business risk of a cyberattack. The goal of the BRI is to provide visibility into your risk posture and examine areas of potential weakness to level set your understanding and plan for a path forward.

The assessment engages multiple people across your organization such as the CIO, CISO, Information Security professionals and Compliance and Audit departments to:

  1. Understand your ERP landscape, its primary usage and processes, as well as the key informational assets it manages
  2. Review and analyze scan results
  3. Correlate results of found vulnerabilities to your organization’s corporate risk posture in order to determine top risks to the business
  4. Provide recommendations for security coverage

We hope to see you at the show, and if you’re not attending, feel free to contact us with any of the above questions, or anything else you’d like to know about ERP security!