There is no doubt, after the recent events, that the USA will see increased activity as a target for Iranian cyber warfare retaliation. It's certainly a tool Iran has used before and will likely now increase their attack attempts . But if Iran launches an attack what will be their most sought after targets? The most obvious targets will be iconic, large American companies, the ones that embody the USA identify and are synonymous with an American lifestyle. More specifically they are likely to try and infiltrate the hub of those company's systems, IE: their ERP environment. Many of these targeted organizations run SAP at the center of their data processes, and in a recent survey of IT managers, 64% have said that they have experienced some form of breach in their ERP landscape within the last 48 months. SAP systems are undoubtedly coming under increasing and more sophisticated attacks.
ERP systems very often hold companies' most valuable assets: financial data, product development strategies, IP, etc. These systems hold the key operational data that is so pivotal to an organisation's vitality that just a short hiatus in production would be financially catastrophic. So what can organisations do to ensure that the systems that hold their most valuable data are secure?
To address this, SAP issues "Patch Day" every second Tuesday of each month and these patch advisories are key to good housekeeping and vulnerability management. There will however, even with the most diligent of data-hygiene, always be patches that are missed or custom code for which no patch exists. For these reasons constant monitoring using advanced technology that will always detect threats and vulnerabilities, is a reliable solution, so that remediation can intercept the threat, before any harm can be done.
SecurityBridge offers a free security assessment which within hours can start delivering key intelligence on a company's security posture, showing any vulnerabilities and guidance for effective patch management. In light of the potential for harm, this might be a prudent move for any organisation, with little to no downside.