How Vulnerable Are You To Insider Attacks?

A recent study reveals that ERP systems, including SAP, are especially vulnerable to insider attacks
IBM's recent data breach report shows that malicious insiders are just as much a cause of data breaches as stolen or compromised credentials, which many of us assume to be the primary or most common cause.
Insider attacks by such malicious insiders are also most common across ERP systems, and they threaten the organization's key asset: its data. Here are a few facts:
6 out of 10 data thefts in the past 3 years were carried out by malicious insiders; only 4 in 10 came from external threats.
Nearly half of all data breaches happen in the cloud, at an average cost of $4.24M for organizations on private clouds and $5.02M for organizations on public clouds.
According to the Insider Threat Report 2022, insider attacks are a far more significant threat, and where the security of SAP systems is concerned, insider attacks are by far the greatest problem.
Identifying a malicious insider attack is harder than identifying an external event.
...
... The focus of this blog is on securing SAP systems. However, ToggleNow also has expertise in Oracle GRC and can build rulesets for other ERP packages according to the customer's requirements.
Have you ever considered the potential reasons for malicious insider attacks? If not, here is what you should know:
Unstructured Authorizations are the Primary Culprits
Many insider attacks are carried out by employees who cause problems either intentionally or by mistake. A recent study reveals that the main reason for unintended security incidents is that authorizations were granted too generously (wider authorizations than the job requires).
This is a common issue in SAP systems, where roles and authorizations are developed ad hoc and pile up over time. Given the complexity of an ERP system, it is easier for administrators, who do not necessarily have the expertise required to restrict authorizations appropriately, to assign authorizations on the basis of general role descriptions. The result is wider authorizations than the job requires.
Second, systems are often not audited for non-dialog users, i.e. the System, Communication and Service user types. Malicious insiders typically target these IDs because they usually carry broad authorizations and are rarely reviewed. It is therefore vital to audit them periodically and to set up processes for using them correctly (for example, one owner and one purpose per ID, with no more authorization than that purpose needs).
Third on the list is the complexity of the systems involved. Industry 4.0 has introduced a new way of working: this is the age of systems communicating with one another. Furthermore, SAP has expanded its portfolio through its own development and through acquisitions, with S/4HANA, C/4HANA, the SAP Cloud Platform, SAP Ariba, SAP SuccessFactors, etc. Since these systems are interconnected, it is crucial to secure not only the systems themselves but also the interfaces between them. As mentioned above, cloud-based systems carry a high level of exposure as well.
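A periodic audit of non-dialog users is easy to script once the user master and profile assignments have been extracted. The following is an added example (not ToggleNow's code or tooling): it reads a constructed CSV-style extract of USR02 (user master: BNAME, USTYP, UFLAG, TRDAT) and UST04 (user-to-profile assignment: BNAME, PROFILE), and flags System, Communication and Service users that hold a broad profile, have never logged on, or have been unused for longer than a threshold while still unlocked. The extract format, the sample rows, the list of "broad" profiles and the reference date are assumptions for the example.

```python
"""Audit non-dialog SAP users for broad authorizations and stale, unlocked IDs.

Added example, not ToggleNow's code. Assumes a CSV extract of USR02 and UST04;
the rows below are constructed, and the profile list is illustrative.
"""
import csv
import io
from datetime import date

# User types stored in USR02-USTYP.
USER_TYPES = {"A": "Dialog", "B": "System", "C": "Communication",
              "L": "Reference", "S": "Service"}
NON_DIALOG = {"B", "C", "S"}

# Profiles that grant (nearly) everything; illustrative, extend for your landscape.
BROAD_PROFILES = {"SAP_ALL", "SAP_NEW", "S_A.SYSTEM"}

# Reference date for the staleness check (assumption for the example).
AS_OF = date(2024, 5, 15)

# Constructed sample extracts. TRDAT = last logon (YYYYMMDD, 00000000 = never),
# UFLAG 0 = not locked.
USR02_CSV = """BNAME,USTYP,UFLAG,TRDAT
JSMITH,A,0,20240510
RFC_MES,C,0,20240512
BATCH_FI,B,0,20230101
WS_PORTAL,S,0,00000000
ALEREMOTE,B,0,20240511
"""
UST04_CSV = """BNAME,PROFILE
JSMITH,Z_FI_AP_CLERK
RFC_MES,SAP_ALL
BATCH_FI,SAP_NEW
WS_PORTAL,S_A.SYSTEM
ALEREMOTE,Z_ALE_DISTRIBUTION
"""


def parse_trdat(trdat):
    """Convert USR02-TRDAT to a date; None means the user never logged on."""
    if trdat in ("", "00000000"):
        return None
    return date(int(trdat[:4]), int(trdat[4:6]), int(trdat[6:8]))


def audit_non_dialog_users(usr02_csv, ust04_csv, today, stale_days=90):
    """Return [(user, user type, [issues])] for every non-dialog user with a finding."""
    profiles = {}
    for row in csv.DictReader(io.StringIO(ust04_csv)):
        profiles.setdefault(row["BNAME"], set()).add(row["PROFILE"])

    findings = []
    for row in csv.DictReader(io.StringIO(usr02_csv)):
        if row["USTYP"] not in NON_DIALOG:
            continue  # dialog and reference users are reviewed elsewhere
        user = row["BNAME"]
        issues = []

        broad = BROAD_PROFILES & profiles.get(user, set())
        if broad:
            issues.append("broad profile " + ",".join(sorted(broad)))

        unlocked = row["UFLAG"] == "0"
        last = parse_trdat(row["TRDAT"])
        if last is None and unlocked:
            issues.append("never used but unlocked")
        elif last is not None and (today - last).days > stale_days and unlocked:
            issues.append(f"unused for {(today - last).days} days but unlocked")

        if issues:
            findings.append((user, USER_TYPES[row["USTYP"]], issues))
    return findings


if __name__ == "__main__":
    for user, utype, issues in audit_non_dialog_users(USR02_CSV, UST04_CSV, AS_OF):
        print(f"{user:<12}{utype:<15}{'; '.join(issues)}")
```

In the sample data the RFC user with SAP_ALL is flagged on authorization alone, the batch user is flagged for both SAP_NEW and 500 days without use, and the service user is flagged because it was created, never used, and never locked; the ALE user with a narrow custom profile and recent use produces no finding. On a real system the same logic runs against the extract of all clients, and the list of broad profiles should be complemented by a check of critical authorization objects (for example S_TABU_DIS with full table access) that custom profiles may carry.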
The latest IBM report indicates that cloud systems are equally vulnerable: an estimated 45% of breaches have happened in the cloud, at an average cost of $4.24M for organizations with private clouds and $5.02M for organizations with public clouds.
Many of us treat security as a small project that yields no business benefit. In fact, it improves your SAP system's overall security posture and protects your critical business data.
Facing the same challenges and wondering how to secure your SAP system?
As a first step, understand the current state of the system by evaluating its security risk areas. A simple way to identify gaps is to review the system against standard ITGC (IT general controls) and/or ITAC (IT application controls). ToggleNow's FourEdge Discovery offering will also help you discover your security posture: the tool dives into SAP systems, evaluates them, and provides recommendations on more than 70 parameters.
The next steps in this exercise are as follows:
Revisit your authorization structure
Protect the systems with the right password and identity theft controls
Have a mechanism to identify identity thefts
Give importance to data privacy
Use the right solutions to identify phishing
Revisit your authorization structure
The authorization structure plays a vital role in securing the system. In SAP, authorizations are granted to users through roles. The role concept is a potential source of security problems on two fronts:
On the one hand, there are critical authorizations that give a user more rights than his or her job profile requires.
On the other hand, there are authorizations that violate the principle of segregation of duties (SoD). It is important to ensure that SoD conflicts are avoided and that authorizations are not allocated too generously.
A classic problem is the employee who moves from one department to another during his or her tenure. Someone who spends time in one department or position and then moves to another typically requests only the new access. The old authorizations remain intact, and collectively the employee ends up with more access than the new job requires. This is simply called accumulated authorizations.
A robust role design is a must, and the industry recommendation is always to structure roles in the following way:
Job-based Role:
A job-based role is typically a composite role (or business role) that groups a set of task-based single roles. In simple terms, such a role contains all the authorizations a user needs to perform the duties of one job.
Task-Based Role:
Task-based roles are single roles that grant the authorizations for one specific task. For easier management, they are further derived at the business-process level and at the sub-process level; an example would be an Asset Acquisition role within Asset Management. Because each single role is scoped to one task, the single roles themselves rarely pose segregation-of-duties risks; SoD conflicts then have to be checked where single roles are combined into job-based roles and, ultimately, at the user level.
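The two checks that the role design above calls for, a design-time check that no job-based composite bundles conflicting tasks and a user-level check that catches accumulated authorizations such as the department mover described earlier, can be expressed against a small SoD ruleset. The following is an added example, not ToggleNow's ruleset or tooling: the rule IDs, task names, role names and user assignments are constructed for illustration. In a real landscape the single roles would resolve to transactions and authorization objects, and the role and user data would come from extracts such as AGR_AGRS (composite to single roles) and AGR_USERS (user to role); the example assumes that resolution has already been done.

```python
"""Segregation-of-duties check over task-based single roles, job-based
composite roles and user assignments.

Added example, not ToggleNow's code. All rules, roles and users below are
constructed; role names are illustrative and not SAP-delivered roles.
"""

# Ruleset: pairs of tasks that one person must not hold together.
SOD_RULES = {
    "P001": ("MAINTAIN_VENDOR_MASTER", "POST_VENDOR_INVOICE"),
    "P002": ("POST_VENDOR_INVOICE", "RUN_PAYMENT"),
    "P003": ("MAINTAIN_PURCHASE_ORDER", "POST_GOODS_RECEIPT"),
}

# Task-based single roles: each grants exactly one business task.
SINGLE_ROLES = {
    "Z_T_AP_VENDOR_MAINT": {"MAINTAIN_VENDOR_MASTER"},
    "Z_T_AP_INVOICE": {"POST_VENDOR_INVOICE"},
    "Z_T_AP_PAYMENT": {"RUN_PAYMENT"},
    "Z_T_MM_PO": {"MAINTAIN_PURCHASE_ORDER"},
    "Z_T_MM_GR": {"POST_GOODS_RECEIPT"},
    "Z_T_FI_DISPLAY": {"DISPLAY_FI_DOCUMENT"},
}

# Job-based composite roles: bundles of single roles for one job profile.
COMPOSITE_ROLES = {
    "Z_J_AP_CLERK": ["Z_T_AP_INVOICE", "Z_T_FI_DISPLAY"],
    "Z_J_AP_PAYMENT_RUN": ["Z_T_AP_PAYMENT", "Z_T_FI_DISPLAY"],
    "Z_J_PURCHASER": ["Z_T_MM_PO", "Z_T_FI_DISPLAY"],
    # Badly designed composite: it bundles two conflicting tasks into one job.
    "Z_J_VENDOR_ADMIN": ["Z_T_AP_VENDOR_MAINT", "Z_T_AP_INVOICE"],
}

# User -> assigned roles. ANNA moved from purchasing to the warehouse and kept
# her old composite role: the accumulated-authorization case.
USER_ROLES = {
    "ANNA": ["Z_J_PURCHASER", "Z_T_MM_GR"],
    "BOB": ["Z_J_AP_CLERK"],
    "CAROL": ["Z_J_AP_CLERK", "Z_J_AP_PAYMENT_RUN"],
}


def tasks_of(role):
    """Tasks a role grants, expanding composite roles recursively."""
    if role in SINGLE_ROLES:
        return set(SINGLE_ROLES[role])
    tasks = set()
    for child in COMPOSITE_ROLES[role]:
        tasks |= tasks_of(child)
    return tasks


def conflicts_in(tasks):
    """Rule IDs whose two tasks are both present in `tasks`."""
    return sorted(rid for rid, (a, b) in SOD_RULES.items() if a in tasks and b in tasks)


def check_roles():
    """Design-time check: roles whose own content already violates SoD."""
    report = {}
    for role in list(SINGLE_ROLES) + list(COMPOSITE_ROLES):
        hits = conflicts_in(tasks_of(role))
        if hits:
            report[role] = hits
    return report


def check_users(user_roles=USER_ROLES):
    """User-level check. For each violated rule, name the roles that grant each
    side of the conflict so the reviewer knows which assignment to remove."""
    report = {}
    for user, roles in user_roles.items():
        granted = {}  # task -> roles granting it
        for role in roles:
            for task in tasks_of(role):
                granted.setdefault(task, set()).add(role)
        hits = []
        for rid in conflicts_in(set(granted)):
            a, b = SOD_RULES[rid]
            hits.append((rid, sorted(granted[a]), sorted(granted[b])))
        if hits:
            report[user] = hits
    return report


if __name__ == "__main__":
    print("Roles with built-in SoD conflicts:", check_roles())
    for user, hits in check_users().items():
        for rid, via_a, via_b in hits:
            print(f"{user}: {rid} via {via_a} and {via_b}")
```

Run against the constructed data, the design-time check reports only Z_J_VENDOR_ADMIN, whose composite violates P001 before anyone is assigned it; the user-level check reports ANNA, whose retained purchasing role conflicts with the new goods-receipt role (P003), and CAROL, whose two individually clean job roles conflict in combination (P002), while BOB is clean. The split matters in practice: a conflict found by check_roles is fixed in the role design, whereas one found only by check_users is fixed by removing an assignment or by documenting a mitigating control.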
Read more: https://togglenow.com/blog/insider-attacks-to-sap-system/