Data Integrity and the Cyber Sabotage You Might Miss
May 2, '18 by Joerg Schneider-Simon
Cyberattacks are changing. Previously, a common goal among cyberattackers was to pull off a large-scale attack that would either result in a massive theft or a complete shutdown of the target’s systems. Big and splashy, these attacks would make news and cover the attackers in infamy among their shadowy peers.
These plans had one flaw, however. They were quickly detected. And any company who fell victim to such an attack would soon beef up its cybersecurity, making it much harder for any further attacks to take place.
Now, cyberattackers are getting sneakier, and cyber sabotage is on the rise.
This means attackers are keeping a lower profile so that they can stay in their target’s system longer, where they can meddle with an organization’s most valuable asset: its data. And they’re often paid handsomely to do so by parties who have a vested interest in seeing that organization fail.
Why Data Integrity is So Important
In our increasingly digital world, data is a vital component to decision-making affecting the physical world. Data controls our utilities, our business processes, our media, our financial system — virtually everything in our modern world.
Industrial saboteurs are taking advantage of this. Instead of having to plant people onsite to physically carry out sabotage, cyber sabotage carries less risk of detection, while still having the potential to inflict serious damage. Sadly, this kind of sabotage is not rare. In fact, over half of all companies in Germany have been affected by spying, sabotage, or data theft in the past two years, costing about 55 billion euros a year.
We’ve already seen how cyberattacks that modify data can have major repercussions. Media outlets have been targeted, with attacker-generated “fake news” coming out under their own mastheads, sowing confusion, anger, and a distrust of the media in general.
Beyond the media, the potential ramifications of data integrity attacks are bone-chilling. Just one subtle, undetectable change in the data at a nuclear facility could create a chain reaction that results in disaster. This is not as far-fetched as we might hope, as the Stuxnet attack on the Natanz nuclear facilities in Iran proved, where the attacks targeted centrifuge speed while making monitoring software show normal readings. This attack resulted in the destruction of almost 1,000 centrifuges. It could just as easily have resulted in a massive accident.
Data Integrity, Cyber Sabotage and SAP
So where does this leave SAP? As it turns out, SAP is a tempting target for would-be saboteurs, with its central role in storing and sharing vital business data.
A cyber sabotage attack on SAP would not need to be large-scale to have significant effects. Consider this scenario:
A salt mine performs quality control tests on samples of road salt before distributing it to their major client, a government department charged with snow removal. The Quality Control lab performs the tests and inserts the purity results into an SAP ERP function. A cyber-saboteur modifies the test results, raising the posted purity higher than it actually is. The mill distributes salt that it thinks meets the government department’s standards. However, when the government department tests the salt upon receipt, they see that it is actually well below purity standards. If this happens more than once, the mine could easily lose that lucrative contract, putting its entire future at risk.
Subtle cyber sabotage like this could also happen with payment instructions, supply chain management, or financial data. Imagine management basing strategic decision-making and budgets on altered financial data, and you can easily picture a chain reaction of missteps that could jeopardize the company’s reputation.
How to Prevent Cyber Sabotage
With data integrity attacks becoming increasingly common, organizations using SAP need to have this threat squarely on their radar.
The first key is knowing how these attacks happen. Usually, attackers gain access to SAP data via standard means like SQL injections, directory traversal attacks, or OS-command injections.
Invariably, they go for the companies whose SAP systems are not rigorously protected. Unfortunately, however, that covers a large volume of SAP systems, as SAP itself is not automatically protected against these types of attacks, and OS-level anti-malware programs do not cover SAP.
The best way for organizations to protect themselves against data integrity attacks is to keep cyberattackers out of their SAP system in the first place. And the best way to do that is with a comprehensive security solution that is designed specifically for SAP.