Remote Work: Is it Threatening Your SAP Cybersecurity?
May 6, '20 by Joerg Schneider-Simon
Infected. Unprepared. Unprecedented.
These are the words that experts are using when discussing the coronavirus—but while medical experts use those terms in reference to human health, cybersecurity experts are having similar discussions about SAP systems.
With most organizations being forced to shift as much of their workforce as possible to remote work, there is now a higher risk of cybersecurity attacks. Many companies and government departments found themselves unprepared for the onslaught.
Remote workers provide a rich target for cyberattackers. “The work from home dynamic creates a very opportunistic situation for hackers and phishers. Every home device or wireless connection is a potential entry point,” says National Review in their article, Working Remotely and Cyber Security During the COVID-19 Outbreak.
SAP systems are especially at risk during the coronavirus pandemic because highly critical SAP applications are now being accessed from outside of company networks (using SAP FIORI, but also by more traditional means like web or even SAP-GUI). This is entirely new territory for a lot of organizations that are not experienced in managing a remote workforce, let alone managing that remote workforce’s cybersecurity.
“We always say that you can’t manage what you don’t know about. And that is going to be a truth with nightmare consequences for many companies and government agencies struggling to respond to the coronavirus situation,” says Dr. Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers. “The impulse to send employees home to work is understandable, but companies and agencies without business continuity (BC) plans with a strong IT Asset Management (ITAM) component are going to be sitting ducks for breaches, hacking and data that is out there in the wild beyond the control of the company.”
Why Remote Employees Increase SAP Cybersecurity Risk
Despite its many benefits, remote work exposes organizations to multiple new vectors for cyberattacks. According to McKinsey, sending workers home to work has exacerbated perennial cybersecurity challenges:
- unsecured data transmissions by workers who aren’t using VPN software
- workers using their own, insecure devices to access company networks
- workers accessing the internet through insecure home Wi-Fi networks
- sharing home networks with spouses, children, grandparents and others who are not taking adequate precautions to protect their devices against cyberattacks
- weak enforcement of risk-mitigating behaviors (the “human firewall”)
- physical and psychological stressors that compel employees to bypass controls for the sake of getting things done
- homebound employees struggling to access data and systems who attempt risky workarounds
The potential consequences of this increased risk can be severe:
Increased phishing attacks
According to National Review, data security is not top of mind for many remote employees during the pandemic, which means typical safeguards against cyberattacks are down. “We have seen a significant rise in COVID-19-related phishing attacks, where hackers are taking advantage of individuals' fear and need for health, safety, and financial aid information,” says National Review. “Unfortunately for businesses, a company can lose control over its data and be subject to significant legal liability due to a single email click or transmission of its data over an unsecured network.”
We are already seeing an increase in data breaches during the pandemic. Princess Cruises, the cruise liner forced to halt its global operations after two of its ships confirmed on-board outbreaks of the coronavirus, has now confirmed a data breach.
While data breaches are always a threat, SAP systems are a particularly attractive target for attackers, due to the sheer volume and sensitivity of data contained in most SAP systems. With so many employees going remote, would-be data thieves suddenly have millions more points of entry to SAP databases.
If the entire company has shifted to remote work, it can be difficult to adjust to this new normal without some level of upheaval. While the workforce is in this state of flux, it’s not uncommon for the occasional task to slip through the cracks. This can have major repercussions when it comes to SAP cybersecurity. There already exists a major responsibility gap, with both SAP teams and IT teams not quite sure who has ownership of the SAP cybersecurity issue – that gap is likely to be exacerbated now that so many organizations have been upended.
Attackers are likely to target the weakest link in the chain, such as remote workers with direct access to business-critical resources via VPN. Compromising a user’s device in their home-office setting is a much easier task than compromising that same device inside the corporate office, where it’s likely to be shielded behind layers of firewalls, proxies, gateways, IDS/IPS and other corporate security tools – none of which exist in the typical home-office setting.
Steps to Take to Reduce SAP Cybersecurity Risk
Increase employee awareness
Companies must minimize their exposure to attacks with increased employee education, increased communication about current threats, and an increased focus on planning and policies. SentryBay CEO Dave Waterson, in an interview with Raconteur, predicts up to 40% more cyberattacks during the coronavirus crisis. Take the time to educate your employees, especially those accessing SAP FIORI, about good cybersecurity hygiene and how they can do their part to keep SAP systems safe.
Adopt a zero-trust model
Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters but must instead verify everything trying to connect to their systems before granting access.
Zero trust narrows defenses from wide network perimeters to individuals or small groups of resources. It aims to protect resources rather than network segments and is an ideal model to follow for organizations that suddenly have a massive number of remote users and cloud-based assets that are not located within an enterprise-owned network boundary.
Secure and test
Cybersecurity teams must secure work-from-home systems. They must test and scale VPNs and incident-response tools. Cybersecurity teams should also consider reviewing access-management policies based on our new reality, so that employees can connect to critical networks and SAP applications using their personal devices.
Our workplace has changed and may never go back quite to where it was. Businesses need to take smart and sure steps to adapt to these new circumstances, protecting their mission-critical SAP systems from cyberattacks, both now and in the future.
If you are unsure of where to begin, we recommend integrating security directly into the application layer and relying less on security tools at the infrastructure level. Bowbridge Anti-Virus, for instance, integrates directly into the SAP application infrastructure to secure file transfers in SAP applications – regardless of where the user is and what device or network they access the application from. To learn more, watch our webinar on File-Based Threats to SAP FIORI Applications.