Onapsis’ Business Risk Illustration provides valuable insights into the existing risk posture of an organization’s SAP applications, custom code and systems.
The assessment measures the severity of misconfigurations and vulnerabilities and the risk they pose to the business. It also provides compliance, IT and security leaders with quantitative data, which allows companies to communicate business and cyber risk more effectively to executive teams and the board of directors.
SAP platforms are the core business information systems of many Fortune 2000 companies and entities worldwide. This makes them one of the most profitable targets for cybercriminals and intruders. On May 2, 2019, the Department of Homeland Security issued a US-CERT alert on 10KBLAZE, its third communication in less than three years, regarding the growing threat to enterprise resource planning applications and systems.
Onapsis issued a threat report on the 10KBLAZE exploits, which can lead to full compromise of an organization’s SAP application infrastructure and deletion of all business data, including the modification or extraction of material, highly sensitive and regulated information.
According to Gartner, “Financially motivated attackers turn their attention ‘up the stack’ to the application layer. Consequently, business applications such as ERP, CRM and human resources are attractive targets.”
Onapsis Business Risk Illustration program
The Business Risk Illustration program also offers customer organizations access to Onapsis’s team of dedicated research experts. The team uses a software-backed services engagement approach, where no credentials are provided by the customer. The Onapsis team mimics the behavior of an attacker, identifying the target systems within the organization’s network. The goal is to detect existing vulnerabilities, weaknesses in custom code and misconfigurations.
The customer’s SAP applications and systems are rated against Onapsis’s Business Application Risk Maturity Model, which scores an organization’s risk maturity on a six-stage scale ranging from healthy to high risk.
The corresponding output provides information technology and security leaders with a quantitative, actionable framework to inform SAP cybersecurity, compliance and cloud migration initiatives.
“There is a disconnect between security leaders, the executive team and the board. This is due to an inability to quantify security risk reduction in a meaningful way,” said Shane MacDonald, Onapsis. “Our Business Risk Illustration assessment arms IT, Information Security and Internal Audit leaders with quantitative data. It will facilitate meaningful conversations around how to prioritize security, compliance and cloud investments to better protect business-critical applications.”