January 24, 2023 How Manufacturers Can Secure Business Applications

A deeper look at business-critical application security for manufacturers.

By Sadik Al-Abdulla, CPO of Onapsis

In addition to a string of supply chain challenges, such as a shortage of goods and port closures, cybersecurity vulnerabilities plaguing supply chains have been at the forefront of this year’s news cycle.  According to IBM, manufacturing was the most attacked sector in 2021, accounting for 23% of ransomware reports. Additionally, the average cost of a manufacturing data breach amounted to $5 million and, on average, took more than 200 days to identify and nearly four months to contain. The manufacturing industry’s rapid adoption of digital transformation and lack of efficient tools and processes to secure new technologies, coupled with a sharp rise in attacks, has the potential to severely impact an entire supply chain.

It’s impossible for manufacturers to safeguard what they can’t see, which is why visibility into business-critical applications is essential to successfully navigate today’s threat landscape. Unfortunately, the majority of organizations leverage conventional vulnerability management tools that cannot identify hidden vulnerabilities within mission-critical systems, such as enterprise resource planning (ERP) applications. To strengthen resiliency and maintain insight into potential threat vectors, including misapplied patches, misconfigurations, and over-privileged authorization, manufacturing operators must implement modern vulnerability management methods and tools that were developed with business-critical applications in mind.

Assessing the Current ERP Threat Landscape

ERP applications are at the core of every manufacturing organization. These systems support critical facility operations that enable companies to run on a daily basis, including production scheduling, inventory management, payroll, and more. A direct attack on these applications could provide a gold mine of value, and this hasn’t gone unnoticed by cybercriminals.

The Elephant Beetle cybercrime group is a prominent real-world example of how attacks on ERP can result in considerable damage to an organization. This sophisticated threat group was found lurking within organizations’ networks and secretly stealing millions of dollars. Elephant Beetle was able to stay undetected for several months by assimilating into the background and quietly familiarizing themselves with organizations’ financial operations before conducting fraudulent transactions.

While ERP attacks can have devastating consequences, vulnerabilities within ERP applications have also been coming to light more frequently. In early 2022, three critical flaws were discovered in SAP Internet Communication Manager, a core component of SAP business applications. Out of the three disclosed vulnerabilities, one was added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog (KEV). Companies that have yet to patch these flaws are subject to the exfiltration of sensitive or confidential corporate information, financial harm, and more. However, business-critical application security fails to remain a priority for countless enterprises today.

Achieving Visibility into the ERP Landscape

Many organizations focus a significant amount of time and budget on preventing common threats, such as ransomware. They often leverage a defense-in-depth strategy, where they invest in numerous layers of technology to defend the enterprise. Indeed, tools like endpoint detection and identity management are essential, but they are simply not enough to protect the business applications themselves. Elephant Beetle highlighted that a single attack on an ERP application can cause significantly more damage than, say, a ransomware attack on a desktop. Thus, while the rate of occurrence for ERP attacks may be lower than ransomware, an attack on one of these applications results in a significantly higher single-loss expectancy.

It’s critical that manufacturers re-evaluate their cybersecurity strategy to keep pace with the current ERP threat landscape. To start, they must obtain direct visibility into their business systems to ensure no misconfiguration, unauthorized user, or other threat goes undetected. This will also allow them to proactively handle potential risks to the reliability and performance of the applications they depend on for their fundamental business functions.

Maintaining Proactive Risk Monitoring

The majority of organizations are aware of how vulnerable they are against attackers. According to a Ponemon Institute survey, 60% of security professionals acknowledge that application protection is a top security objective. However, almost two-thirds say that it is challenging to reduce the risks to critical applications because they don’t have the time nor the resources to monitor for threats and prevent all attacks. Despite having limited resources, manufacturers can secure their supply chains and remain compliant by adopting modern tools that continuously and proactively monitor for misconfigurations and vulnerabilities within their business-critical applications, while automatically providing recommendations for remediation. This will give them operational insights and enable them to accurately assess which vulnerabilities are at higher risk and which don’t need immediate attention. Proactive monitoring could be the difference between maintaining security and a catastrophic breach that could damage the company’s reputation.

A New Approach to Identifying Vulnerabilities

Traditional vulnerability tools are inefficient for business-critical application security, as they are unable to provide deep visibility within these systems. This indicates that more complex solutions are needed to protect these applications from vulnerabilities. Having a solution that assesses and monitors for weaknesses, threats, and misconfigurations will help operators understand the risk to their business operations and ensure that their supply chain is appropriately secured. With more robust cybersecurity tools built specifically for their mission-critical systems, manufacturers can ensure their operations are secure.

About the Author:
As Chief Product Officer, Sadik is responsible for leading product vision, strategy, and execution for The Onapsis Platform. An executive leader of enterprise security businesses with more than 20 years of experience, Sadik has the insight and expertise to help customers solve today’s most sophisticated security challenges.

Prior to joining Onapsis, Sadik served as Vice President of Product Management for McAfee’s enterprise business. While at McAfee, he envisioned and brought to general availability their market-leading SASE/SSE product and evolved their Gartner Magic Quadrant leading CASB solution. He was also responsible for several other major product lines, including data loss prevention (DLP), secure web gateway (SWG), and network-based intrusion prevention system (NIPS). Previously, Sadik held multiple leadership positions at CDW, helping to lead the security business to over 3x growth. He is a former security consultant, security researcher, and penetration tester.

Subscribe to Industry Today