Logpoint has released findings from a recent poll to uncover the security and cost implications enterprises face with their existing IT infrastructure.
The poll, released on Twitter, targeted cybersecurity and IT professionals in the US and the UK.
The poll revealed the extent of insecure and unmonitored business-critical systems, with 40 percent noting that they don’t include business-critical systems like SAP in their cybersecurity monitoring.
In addition, another 27 percent were unsure whether it was included in their cybersecurity monitoring.
This is worrying, as SAP is the core system behind every aspect of business operations. Organizations are vulnerable and exposed to cyber threats if not included in the centralized security monitoring solution.
“With 77 percent of global transactions hitting an SAP system, protecting against cyber-attacks is vital. Organizations store their most critical assets in SAP, and this data needs to be protected,” said Andrew Lintell, Logpoint VP for EMEA.
“SAP systems require comprehensive protection and security monitoring, and companies need to ensure they have an integrated security operations platform that monitors all IT infrastructure to ensure they have complete visibility into their SAP system,” he says.
When asked how they currently rate SAP logs for cybersecurity events or cyber threat activities, nearly 30 percent of respondents admitted that they do not view SAP logs in any way. Again, almost 30 percent said they did not know whether this was monitored. Failure to do so can create a business blind spot and make it challenging to detect and respond quickly to fraud and threats within SAP.
In addition, only 23 percent said reviewing SAP logs for cybersecurity events or cyber threat activities was automated through SIEM, and nearly 19 percent did it manually.
“By bringing SAP systems under the purview of cybersecurity solutions, security risks can be greatly reduced, and logs can be provided to support audit processes,” said Lindell.
“By bringing it into the SIEM, for example, these applications can take advantage of automation and continuous monitoring, as well as coordinated threat detection and response with log storage and log management to aid in follow-up investigations,” he says.
“The problem, however, is that companies are trying to fill the gaps in their cybersecurity stacks by spending more money on a growing litany of cloud security products, with many toolsets and features left unused or resulting in configuration errors and ultimately data breaches that are avoided.”
For companies looking to invest in cloud security, nearly 40 percent of respondents view cloud software licenses as too expensive, and 24 percent say it leads to unknown future costs. Lock-in or lack of control with software licenses was also identified as an issue by 22 percent, along with a lack of user-based licensing options by 14 percent, as the predominant charging model is based on data usage.
The results indicate a clear need to change how cloud-based security services are delivered, and businesses can benefit from a converged, cost-effective form of cyber defense.
“Businesses must continue to build their presence in the cloud, and the market is seeing a natural consolidation as complementary technologies such as SIEM and SOAR converge,” said Lindell.
“Cost-effective options are available, and a SaaS all-in-one solution can reduce the costs associated with licensing, especially if it’s based on the number of devices sending data rather than the volume of your data. See, costs rise.”