Have you ever gotten a puzzled look from friends/family when you tell them you help secure ERP systems? I know, that’s as esoteric as it gets, even in the cybersecurity world, and yet the topic is of great importance, as many organizations rely heavily on business-critical applications to operate successfully.
How do you currently secure your business-critical applications like SAP and Oracle EBS? Do you use the same level of rigor (or more) as you employ for your other systems? Our experience working with some of the most trusted brands is that most organizations have a dedicated budget and personnel for both information security teams and ERP operations team. However, when it comes to SAP/Oracle systems, some don’t even have dedicated resources to secure them properly.
At Onapsis, we have a dedicated team of security researchers who have studied the evolution of cyberattacks for more than a decade. Over 77% of the world’s transaction revenue touches these systems, making them an attractive target for cybercriminals looking to profit from the highly-sensitive and regulated data that resides in them. Public exploits for business applications have increased 100% since 2015, and in May 2019, the U.S. Department of Homeland Security (DHS) issued a third alert about malicious cyber activity targeting ERP systems. This alert was prompted due to the publicly released 10KBLAZE exploits, affecting approximately 50,000 organizations and 900,000 SAP systems.
To help organizations using SAP and Oracle EBS protect their systems from external attacks or internal misuse and abuse, we’ve written a whitepaper entitled Secure the Core: A Prescriptive Guide to Securing Your Business-Critical Applications. In this paper, we’ve highlighted trends on the state of business application security—based on almost a decade of threat research on this topic. We share best practices and insights into what some of the most trusted brands are doing to secure these critical systems.
We invite you to download this prescriptive guide to obtain concrete guidance for assessing, prioritizing and remediating vulnerabilities, understand the impact on your organization, and get insights on how to prevent protect your core applications and reduce risk.