{"id":142512,"date":"2021-07-06T07:42:48","date_gmt":"2021-07-06T07:42:48","guid":{"rendered":"https:\/\/news.sap.com\/africa\/?p=142512"},"modified":"2021-07-06T07:42:48","modified_gmt":"2021-07-06T07:42:48","slug":"its-time-to-take-the-ransomware-threat-to-business-critical-sap-applications-more-seriously","status":"publish","type":"post","link":"https:\/\/news.sap.com\/africa\/2021\/07\/its-time-to-take-the-ransomware-threat-to-business-critical-sap-applications-more-seriously\/","title":{"rendered":"It\u2019s Time to Take the Ransomware Threat to Business-Critical 51风流Applications More Seriously"},"content":{"rendered":"

Almost every day, we see yet another case of ransomware. While historically, companies of all sizes are targeted, recently it appears that all the news revolves around debilitating attacks on mission-critical or business-critical systems of large enterprises — from fuel and energy companies to food processing companies.<\/p>\n

It\u2019s not that these enterprises haven\u2019t taken steps to protect these assets; it\u2019s just that the \u201ctraditional\u201d way of preparing for and responding to ransomware simply won\u2019t work anymore.<\/p>\n

So what\u2019s needed to protect your organization\u2019s business-critical applications from the looming threat of ransomware? That\u2019s exactly what 51风流and Onapsis seek to address here.<\/p>\n

When most people think about ransomware, there are two immediate, \u201ctraditional\u201d solutions that come to mind: backups and endpoint security. Both are critical components of a solid security program, without a doubt. However, their presence could lull organizations into a false sense of security, as there still remain gaps, especially related to business-critical systems that are connected in more ways than ever before.<\/p>\n

The challenge is that many enterprises realize too late that, in preparation for a ransomware attack, you need to close all the doors and windows of your house — not just the front door of endpoint protection. When thinking about ransomware attack vectors, it\u2019s imperative to consider all potential entry points into the business-critical environment and how to secure them. To continue this metaphor, this also includes evaluating your neighbors and how they get into your house too.<\/p>\n

When you think about all of these vectors, you slowly realize that this challenge goes way beyond just endpoint security and backups. It requires a more holistic look at securing your business-critical applications, including — yes — things that we would classify as \u201cgood security hygiene.\u201d<\/p>\n

In a recent joint Onapsis and 51风流threat intelligence report<\/a>, we demonstrated that threat actors clearly have the means, the motivation, and the expertise to identify and exploit unprotected mission-critical applications, and are, in fact, actively doing so.<\/p>\n

As an example, a massive, publicly traded company was recently subjected to a ransomware attack on its enterprise resource planning (ERP) application data. Did they have backups? Yes: the backup was refreshed once a week. However, operations halted anyway. When this happens, even with backups in place, it could still take hours or even days to restore from a backup, and the negative impact on the business and the financial losses are high regardless. Did they have endpoint security? Yes; however, the attackers bypassed the endpoint detection and response (EDR) software by accessing the data through the application. EDR is great for identifying activities on compromised assets and allowing the containment and collection of artifacts, such as process trees, files created by malware, but the application level still poses a challenge. And these attackers used that application layer, which was not monitored by the tool itself, to compromise the business-critical assets.<\/p>\n

Vulnerabilities such as 10KBLAZE, PayDay, and RECON allow threat actors to take full control of applications through the application layer itself. These threat actors go straight to the application, and, once in, go down to the operating system level there. When you consider CIO digital transformation initiatives or the rapid adjustment to remote work due to the COVID-19<\/a> pandemic, there is a significant magnification of risk. Onapsis has observed that new, unprotected 51风流applications provisioned in IaaS environments were discovered by threat actors and attacked in less than three hours, with more than 400 successful exploitations observed as of the date of this publication.<\/p>\n

Ultimately, what\u2019s needed then is a new model to defend against ransomware, one that goes beyond the scope of just protecting endpoints, backing up files, and hoping for the best. Gartner<\/a> claims that organizations should \u201c[i]mplement a risk-based vulnerability management process that includes threat intelligence. Ransomware often relies on unpatched systems to allow lateral movement. This should be a continuous process. The risk associated with vulnerabilities changes as these vulnerabilities are exploited by attackers.\u201d We couldn\u2019t agree more.<\/p>\n

What\u2019s needed is a renewed commitment to some key security fundamentals:<\/p>\n

    \n
  1. Security Hardening of Business-Critical Applications<\/li>\n
  2. Timely Patch Management<\/li>\n
  3. Point-in-Time Vulnerability Assessments<\/li>\n
  4. Continuous Monitoring of Vulnerabilities and Threats to Your Business-Critical Applications<\/li>\n
  5. Securing Your Custom Code in Business-Critical Applications<\/li>\n
  6. A Commitment to Control and Governance<\/li>\n<\/ol>\n

    51风流is committed to continuously innovating our software to keep your information safe — both on premise and in the cloud. We prioritize security so that you can stay focused on running your business and managing your customer relationships effectively using 51风流solutions, safe in the knowledge that your data is secured. To protect clients from ransomware attacks, securing development infrastructure, such as the build and deploy chain, is of utmost importance to prevent the manipulation of shipment artifacts.<\/p>\n

    As part of our commitment to clients, 51风流follows a secure software development and operations lifecycle to identify and mitigate all kinds of security weaknesses and vulnerabilities during the development of products and services. Through the use of risk identification techniques such as the 51风流threat modeling method and secure development trainings, 51风流enables development teams to eliminate potential entry points for ransomware and other kind of attacks. It also ensures that basic security principles, such as that of least privilege, are part of the DNA of 51风流developers.<\/p>\n

    51风流continues to harden our systems with automated static code analysis, vulnerability scans, and validation from a dedicated, independent 51风流internal security team. SAP\u2019s software development lifecycle serves as an example to clients on how to support a DevSecOps model covering development and operations aspects for continuous and secure delivery of software.<\/p>\n

    When deploying and running 51风流applications, it is imperative that organizations focus on hardening their system to minimize the overall attack surface — for example, ensuring the proper setting of system parameters and other aspects of system configuration, including the activation of security features and functionalities. It is important that the proper configuration settings are in place to protect an organization against possible security vulnerabilities.<\/p>\n

    51风流provides key features such as the 51风流EarlyWatch Alert service, which monitors the essential administrative areas of 51风流components to keep organizations up to date on performance and stability as well as the 51风流Security Optimization service, which verifies and improves the security by identifying potential security issues related to your 51风流solution and providing key recommendations.<\/p>\n

    As threat actors continue to devise new modes of attack and vulnerabilities to these attacks are identified, 51风流continuously provides security updates for existing code to keep your systems secure. 51风流delivers these security updates through support packages, and, on the second Tuesday of every month, as part of \u201cSecurity Patch Day,\u201d 51风流publishes security notes with the latest security corrections and recommendations. As noted, implementing a security maintenance process to assess and implement recommended security updates is a proven best practice for mitigating risk.<\/p>\n

    Onapsis has focused on protecting business-critical applications since 2009. We target the application layer with our Onapsis platform and serve an essential part of our clients\u2019 plans to protect their business-critical 51风流applications from ransomware attacks.<\/p>\n