Halloween 2020 (the day, not another movie) is right around the corner. Usually, I’m thinking about spirits and haunted houses and candy. Now that I’m working for a company that helps organizations defend their ERP data, my mind wanders to a more sinister “spirit” that might be haunting the halls of your legacy ERP system: the advanced persistent threat (APT). These technological poltergeists work hard to remain undetected as they quietly take possession of the very soul of your company: your data. Let’s look at how you can find out if you have one and what you can do about it.
TechTarget defines an advanced persistent threat (APT) as a “prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.” APT attacks are typically aimed at organizations in sectors such as national defense, manufacturing, and the financial industry due to their high-value information.
While your company may not be the type of organization to draw the attention of well-organized and well-funded hacker groups or rogue nation-states, you must remember that the attacker’s primary focus is to steal data rather than cause damage to the network. That means an APT can be a malicious outsider or an insider. And the last thing they want is for you to detect their presence and cast them out.
Haunted house movies typically start the same way: the residents of the house begin to notice slight anomalies that indicate something out of the norm is happening. Let’s take a look at some spooky behavior that can indicate the presence of a figurative ghost in the ERP system.
Perhaps your payroll department notices irregularities: different direct deposits are being wired to the same account, or employees who opted for paper paychecks instead of direct deposit report that they are no longer receiving their mail. Or, perhaps during a routine security audit, you notice the sudden creation of high-privileged user accounts, yet there are no entries in the logs that show who requested or approved them. Finally, you might wonder why, and how, Fred from procurement is logging into the HRIS and frequently accessing executive payroll information. Is it actually Fred, or someone using Fred’s login credentials?
There are other signs of paranormal activity in your ERP system, such as after-hours activity by normal accounts, excessive login failures, and suspicious access from overseas locations and unknown IP addresses. Regardless of the signs, your next step is to begin an investigation. The advanced persistent threat is counting on your inactivity to stay hidden.
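The signs listed above can be turned into simple checks over login and payroll records. The following Python sketch is an added example, not Appsian code; the event layout, corporate network range, working hours, failure threshold and all sample records are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample login events: (timestamp, user, source IP, result).
EVENTS = [
    ("2020-10-29T10:15:00", "fred", "10.20.1.14", "ok"),
    ("2020-10-30T02:41:00", "fred", "203.0.113.77", "fail"),
    ("2020-10-30T02:42:00", "fred", "203.0.113.77", "fail"),
    ("2020-10-30T02:43:00", "fred", "203.0.113.77", "fail"),
    ("2020-10-30T02:44:00", "fred", "203.0.113.77", "ok"),
    ("2020-10-30T09:05:00", "ana", "10.20.4.2", "fail"),
]
# Constructed payroll rows: employee id -> direct-deposit account.
DEPOSITS = {"E100": "ACCT-1111", "E200": "ACCT-9999",
            "E300": "ACCT-9999", "E400": "ACCT-9999"}

KNOWN_NETS = [ip_network("10.20.0.0/16")]  # assumed corporate address range
WORK_HOURS = range(7, 19)                  # assumed business hours, 07:00-18:59
MAX_FAILS = 3                              # assumed per-user failure threshold

def review_logins(events):
    """Flag after-hours logins, unknown source IPs and repeated failures."""
    findings, fails = [], Counter()
    for ts, user, ip, result in events:
        if result == "fail":
            fails[user] += 1
            continue
        # Successful logins are checked against working hours and known networks.
        if datetime.fromisoformat(ts).hour not in WORK_HOURS:
            findings.append((user, "after-hours login", ts))
        if not any(ip_address(ip) in net for net in KNOWN_NETS):
            findings.append((user, "unknown source IP", ip))
    for user, count in fails.items():
        if count >= MAX_FAILS:
            findings.append((user, "excessive login failures", str(count)))
    return findings

def shared_deposit_accounts(deposits):
    """Return deposit accounts that receive pay for more than one employee."""
    by_account = defaultdict(list)
    for employee, account in deposits.items():
        by_account[account].append(employee)
    return {a: sorted(e) for a, e in by_account.items() if len(e) > 1}

if __name__ == "__main__":
    for finding in review_logins(EVENTS):
        print(finding)
    print(shared_deposit_accounts(DEPOSITS))
```

Each finding is a lead for the investigation, not a verdict: a shared deposit account can be legitimate (a household, for instance), so the output needs review by someone who knows the business context.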
When abnormal behavior reveals itself, companies using legacy ERP systems are often left in the dark. These systems lack the granular visibility into data access and usage essential to locating and removing malicious spirits.
Appsian empowers companies to adopt a layered security approach that features dynamic controls for authentication and authorization, along with real-time monitoring that provides transparency over what data is accessed and by whom. Appsian adds these extra layers of security WITHIN your ERP system to help ensure that data is still protected even if it is being haunted by an APT (e.g., valid login credentials stolen in a phishing attack).
Every organization, regardless of size or industry, is susceptible to advanced persistent threats, in addition to all the other cybersecurity threats that go bump in the night. Prevention and early detection are your best defenses against these ghosts and spooks accessing and stealing your company’s data.
Contact us today to learn how Appsian can help you establish a multi-layered security solution and increase your visibility into data access and usage.