How your organization manages its risk tolerance and regulatory obligations yields key performance indicators (KPIs) for assessing your cybersecurity posture. The most critical KPI is the time that elapses between vulnerability discovery and patch deployment, that is, how long it takes to implement a patch that addresses a published Common Vulnerabilities and Exposures (CVE) entry.
Breaking down the vulnerabilities, the most concerning is the “zero-day.” A flaw in a system that has no available fix and is unknown to the vendor is a true zero-day vulnerability. Once a patch for it is released to the public, the vulnerability is no longer considered a zero-day. The most critical issue is the window between the public disclosure of the vulnerability and the application of the corresponding patch. During this window your system is most vulnerable, and hackers have the best opportunity to exploit the flaw, which at this stage is also called an n-day vulnerability or an unpatched known exploit. This window is where we will concentrate our focus.
Once a patch is released, every hacker is aware of the vulnerability and also knows how to exploit it. The longer it takes to install the patch, the more time bad actors have to apply their nefarious techniques in the service of breaching your system. This timeframe highlights the importance of patch management strategies. In complex SAP environments, prioritizing “Time to Patch” is crucial for mitigating risk.
Zero-days lead to the most critical cybersecurity KPI, which is “Time to Detect and Respond.” The duration the bad actor is in the system, the amount of data exposed, and the speed at which the problem was resolved are the most crucial pieces of information when it comes to breaches. The longer a hacker is in a system, the more damage they can do: stealing financial information, acquiring intellectual property, and setting up backdoors can all be accomplished within this timeframe. Therefore, the sooner the cybercriminal is identified, the more quickly they can be removed from the system.
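The two KPIs described above, “Time to Patch” (the n-day exposure window from public disclosure to patch deployment) and “Time to Detect and Respond” (attacker dwell time split into detection and containment), are easy to state but only useful once they are computed consistently from your own records. The following Python example is added here to show one way to do that; it is not code from the article or from SecurityBridge. The patch records and the incident are constructed sample data with placeholder identifiers, and the per-severity SLA thresholds in PATCH_SLA_DAYS are assumptions, not figures from the article. It goes slightly beyond the text by also reporting which vulnerabilities are still unpatched and which ones have exceeded their SLA, which is the list a patch manager actually acts on.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from typing import Optional

# Hypothetical SLA targets (days from disclosure to deployment) per severity.
# These are assumptions for the example, not figures from the article.
PATCH_SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}


@dataclass
class PatchRecord:
    vuln_id: str                  # placeholder identifier, not a real CVE number
    severity: str                 # key into PATCH_SLA_DAYS
    disclosed: datetime           # public disclosure: the n-day window opens here
    deployed: Optional[datetime]  # patch deployed in the landscape; None = still exposed


@dataclass
class Incident:
    incident_id: str
    first_activity: datetime  # earliest attacker activity found by forensics
    detected: datetime        # when the intrusion was identified
    contained: datetime       # when the attacker was removed from the system


def days_between(start: datetime, end: datetime) -> float:
    """Elapsed time in days as a float (hours are kept as fractions)."""
    return (end - start).total_seconds() / 86400


def exposure_days(rec: PatchRecord, as_of: datetime) -> float:
    """Time to Patch for a closed record; for an open one, exposure so far."""
    return days_between(rec.disclosed, rec.deployed or as_of)


def time_to_patch_report(records: list, as_of: datetime) -> dict:
    """Aggregate Time to Patch and flag open exposures and SLA breaches."""
    closed = [r for r in records if r.deployed is not None]
    ttp = [exposure_days(r, as_of) for r in closed]
    return {
        "median_ttp_days": median(ttp) if ttp else None,
        "max_ttp_days": max(ttp) if ttp else None,
        # Still-unpatched vulnerabilities: exposure keeps growing every day.
        "open_exposures": [r.vuln_id for r in records if r.deployed is None],
        # Open or closed, anything past its severity SLA needs immediate attention.
        "sla_breaches": [
            r.vuln_id for r in records
            if exposure_days(r, as_of) > PATCH_SLA_DAYS[r.severity]
        ],
    }


def detect_and_respond(inc: Incident) -> dict:
    """Split dwell time into Time to Detect and Time to Respond."""
    return {
        "time_to_detect_days": days_between(inc.first_activity, inc.detected),
        "time_to_respond_days": days_between(inc.detected, inc.contained),
        "dwell_days": days_between(inc.first_activity, inc.contained),
    }


def sample_records() -> list:
    """Constructed sample data; identifiers are placeholders."""
    return [
        PatchRecord("EXAMPLE-1", "critical", datetime(2024, 6, 1), datetime(2024, 6, 4)),
        PatchRecord("EXAMPLE-2", "high", datetime(2024, 5, 10), datetime(2024, 6, 5)),
        PatchRecord("EXAMPLE-3", "medium", datetime(2024, 4, 1), datetime(2024, 4, 20)),
        PatchRecord("EXAMPLE-4", "critical", datetime(2024, 6, 20), None),
        PatchRecord("EXAMPLE-5", "low", datetime(2024, 1, 15), datetime(2024, 3, 1)),
    ]


def sample_incident() -> Incident:
    """Constructed sample incident with hour-level timestamps."""
    return Incident(
        "INC-EXAMPLE",
        first_activity=datetime(2024, 5, 1, 8, 0),
        detected=datetime(2024, 5, 13, 14, 0),
        contained=datetime(2024, 5, 14, 2, 0),
    )


if __name__ == "__main__":
    print(time_to_patch_report(sample_records(), as_of=datetime(2024, 6, 30)))
    print(detect_and_respond(sample_incident()))
```

The report deliberately keeps the median of closed records separate from the list of open exposures: a median that silently excludes unpatched systems looks healthier than the landscape really is, which is exactly the isolated-number mistake discussed under “Avoid KPI Errors” below.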
Avoid KPI Errors
One of the most significant errors associated with KPIs is viewing them in isolation. It’s not all about numbers. For example, if your KPI indicates a risk rating of “1” and the industry benchmark is “2,” this tells you that you have a performance gap that needs immediate attention. However, KPIs don’t construct the entire cybersecurity picture; geopolitical tensions, economic instability, or large-scale events can significantly reshape the threat landscape.
Conflicts and rivalries between nations can lead to heightened tensions, which in turn increase the likelihood of state-sponsored cyberattacks. These tensions could put targets on government entities or organizational networks. If the tensions escalate into actual physical conflict between nations, state-sponsored cyberattacks could pivot to target power grids, transportation networks, and communication infrastructure.
Situations on the world stage create an environment where both state-sponsored and non-state actors are more likely to attempt attacks. This is what is meant by ensuring that you are not operating in a vacuum. Any heightened tensions or actual conflicts necessitate proactive cybersecurity measures.
Conclusion
When it comes to SAP security, a holistic cybersecurity framework is vital. Organizations must ensure that their cybersecurity metrics are relevant to their unique operational environment and that they are prepared for unexpected global turmoil. Continuous monitoring and vulnerability management are crucial for maintaining the security of SAP systems. Reducing the “Time to Patch” and “Time to Detect and Respond” KPIs is the goal. Third-party monitoring tools, in conjunction with native security offerings, provide holistic visibility into software and landscapes, enabling the classification of, and alerting on, zero-day threats that require patching. Additionally, regular vulnerability assessments can identify weaknesses that require immediate patching. By integrating these practices, organizations can significantly improve their security posture.
About the Author
Bill Oliver is U.S. Managing Director at SecurityBridge. He has over 20 years’ experience in the field of SAP information security and auditing, which includes large-scale security and GRC implementations as well as managerial roles in external audit, advisory, and assurance services. Bill holds a Master’s Degree in Information Technology from Boston University and is a Certified Information Systems Auditor (CISA). He has been a regular presenter on SAP cybersecurity since 2015. Bill can be reached online at [email protected] and at https://www.linkedin.com/in/billoliver2/