
How safe is your SAP landscape from hackers?

By Charmaine Shangase
Johannesburg, 15 Oct 2015
Tunde Ogunkoya, consulting partner at DeltaGRiC Consulting.

ITWeb met and spoke to Tunde Ogunkoya, consulting partner at DeltaGRiC Consulting, about the USIS and OPM hack that happened in May this year and how it affected companies in Africa.

Ogunkoya said DeltaGRiC recently conducted a workshop for key IT professionals in one of the top African firms.

"Within a few minutes of the workshop it was clear that they were in denial. They kept on telling us about how well they had put up new generation firewall systems.

"Of course, we do respect the righteous and rigorous efforts they went through to put up these plans, but evidently, what they unconsciously, or perhaps consciously, refused to come to terms with is that the development of solutions and their complementing services begins with the concept that every computer installation (software/firmware) has its own unique or special features and, therefore, each computer's system requires a particular solution to address specific needs within the organisation - there is no silver bullet!" said Ogunkoya.

"The USIS and OPM hack that started off from an unpatched vulnerable SAP landscape should have sent some message to a number of SAP customers to start taking innovative and proactive steps to securing their landscape. There is no doubt that persistent attackers will go to all lengths to make sure that they get their objectives met: which is to hack your system," he continued. "To simply depend on firewalls, endpoints, virus scanners, security policies is important to beefing up your arsenal; it surely helps to keep away the attacks off the networks but it is not enough to protect the SAP landscape," he explained.

He added that most people assume SAP is safe by default, which is not true: many configurations and standard security settings on SAP are actually insecure, and there are quite a lot of violations even with SAP recommendations. Antivirus and a perimeter defence strategy alone are not adequate, as they do not understand SAP traffic.

"More than 80% of attacks are at application layer and almost 90% of applications including SAP applications are vulnerable to these attacks. Traditional solutions in the form of Web scanners, firewall, intrusion detection system (IDS) or Web proxies are ineffective to mitigate application level attacks," emphasised Ogunkoya.

He stated that some risk-conscious companies that have gone ahead with implementing SAP IDM and SAP GRC solutions have the notion that they are protected from both insider and external threats. This is not true: although SAP GRC solutions can help automate roles and authorisations as well as SOD issues, they do not monitor the SAP routers, RFCs, or even some vulnerabilities like bypassing internal security to delete audit logs.

"To put things in perspective, just recently, a report came out showing attackers being able to slip rogue backdoor firmware into Cisco Routers, thereby replacing what originally came from the OEM in order to manage their way into the network and ultimately into machines within the network," said Ogunkoya.

This goes to show that it is possible to bypass network perimeter defences even in most modern technologies and new generation firewalls. "So, it begets the question: Does this mean that there is no way to be protected from cyber-attacks? Yes there is, it is called a multi-layered security approach," he said.

He said a high percentage of SAP implementations have vulnerabilities exposing them to cyber-attacks, and that IT security and SAP Security teams operate at a disconnect to solve this issue, continuing to be in denial that their systems are susceptible to attacks.
