Just a few days ago, the Australian Prime Minister, Scott Morrison, announced that Australia is being continuously targeted by sophisticated, state-sponsored cyber-attacks. The hacking attempts were confirmed as widespread across “all levels of government,” including essential services and businesses throughout Australia.
The attacks were reported to exploit vulnerabilities in public-facing infrastructure. They also included spear-phishing aimed at harvesting passwords, specifically those of privileged users such as admin and service accounts. The attackers are actively targeting national intelligence and Australians’ private information.
These attacks in Australia are a wake-up call for organizations to harden their security posture NOW!
Besides the basic principles of patching, using safe settings within applications and having a robust backup strategy, the Australian Cyber Security Centre recommends restricting administrative privileges and using Multi-Factor Authentication for all users, especially while performing a privileged action or accessing an important data repository. Organizations need to align their security strategy closely with the Zero Trust security model, based on the principle of “never trust, always verify.”
Legacy ERP applications are both a prime target and highly vulnerable to these attacks
A lot of government agencies and businesses in Australia use legacy ERP applications like PeopleSoft, and these applications make alluring targets for cybercriminals because of the wealth of sensitive data they contain.
These large-scale ERP systems were not designed to be exposed directly to the internet as we know it today. Opening them to remote access, especially now when organizations are trying to maintain continuity, has significantly increased the risk to sensitive information.
Your users are the weakest link in your security strategy – guard them!
The success of phishing attacks relies entirely on users falling for them. Organizations can beef up security by making minor adjustments to their existing user authentication process, namely by adopting Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
Implementing SSO reduces users’ reliance on reused, weak passwords. MFA can help reconfirm the identity of a user when access comes from an unknown location or when a specific high-risk piece of information is accessed.
Challenges with implementing SSO and MFA solutions for legacy ERP systems
PeopleSoft applications require extensive customization and added infrastructure to support these solutions. Most SAML-based identity providers (IdPs) do not work with PeopleSoft out of the box because it lacks native SAML support. To avoid the added effort and cost of custom projects, organizations must focus on building native SAML support within PeopleSoft.
Similarly, there are reservations about many MFA providers because they can only be enforced at the login level. Enforcing MFA at login for every sign-on attempt can cause MFA fatigue. It also grants full access to information for the rest of the session, even if the user forgets to lock the screen or log out.
To strike a balance between security and usability, MFA can be enforced conditionally, for example, enforcing an MFA challenge when access is coming from an unusual location, or requiring MFA only for a sensitive field or transaction.
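The following is an added illustration of the conditional MFA policy described above (an unusual location, a sensitive field or transaction, and the privileged actions mentioned earlier); it is example code written for this post, not Appsian’s or PeopleSoft’s. The resource names, country codes, the ADMIN_ prefix convention and the rule set are assumptions constructed for the example; a real deployment would take these signals from the session, the IdP assertion and the application’s own page/field classification.

```python
"""Conditional (step-up) MFA decision logic: added example, not Appsian's or
PeopleSoft's code. All resource names, country codes and rules are assumptions
constructed for illustration."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple

# Constructed sample classification of sensitive fields/transactions.
SENSITIVE_RESOURCES: FrozenSet[str] = frozenset({"PERSONAL_DATA", "PAYROLL_RUN"})

# Constructed convention: privileged (admin) pages carry an ADMIN_ prefix.
PRIVILEGED_PREFIX = "ADMIN_"

# Scope marker recorded once a location-based challenge has been passed.
LOCATION_SCOPE = "LOCATION"


@dataclass(frozen=True)
class AccessContext:
    user: str
    country: str                     # geolocated from the source IP
    known_countries: FrozenSet[str]  # locations this user normally signs in from
    resource: str                    # page, field or transaction requested
    verified_scopes: FrozenSet[str]  # MFA scopes already satisfied this session


@dataclass(frozen=True)
class Trigger:
    scope: str   # what a successful challenge marks as verified
    reason: str  # human-readable reason for the audit log


def step_up_triggers(ctx: AccessContext) -> List[Trigger]:
    """Return every step-up reason that applies to this request and is not yet
    satisfied in the session. An empty list means no challenge is needed.

    Each scope is verified at most once per session, so users are not prompted
    on every click (avoiding MFA fatigue). A production policy would also expire
    scopes after a time window; that is omitted here for brevity."""
    triggers: List[Trigger] = []
    if ctx.country not in ctx.known_countries and LOCATION_SCOPE not in ctx.verified_scopes:
        triggers.append(Trigger(LOCATION_SCOPE, f"sign-in from unusual location {ctx.country}"))
    if ctx.resource.startswith(PRIVILEGED_PREFIX) and ctx.resource not in ctx.verified_scopes:
        triggers.append(Trigger(ctx.resource, f"privileged action {ctx.resource}"))
    if ctx.resource in SENSITIVE_RESOURCES and ctx.resource not in ctx.verified_scopes:
        triggers.append(Trigger(ctx.resource, f"sensitive resource {ctx.resource}"))
    return triggers


def simulate_session(user: str, country: str, known_countries: Iterable[str],
                     requests: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Walk a sequence of requests in one session, assuming every challenge is
    passed. One prompt satisfies all scopes pending at that moment.

    Returns (resource, [reasons]) for each request that produced a challenge."""
    verified: set = set()
    challenges: List[Tuple[str, List[str]]] = []
    for resource in requests:
        ctx = AccessContext(user, country, frozenset(known_countries), resource, frozenset(verified))
        triggers = step_up_triggers(ctx)
        if triggers:
            challenges.append((resource, [t.reason for t in triggers]))
            verified.update(t.scope for t in triggers)
    return challenges


if __name__ == "__main__":
    # Constructed walkthrough: a normal day from a known location, one prompt only.
    print(simulate_session("jsmith", "AU", {"AU"}, ["HOME", "PERSONAL_DATA", "PERSONAL_DATA", "HOME"]))
    # Same user signing in from a country never seen before and going straight
    # to a sensitive page: a single prompt covers both reasons.
    print(simulate_session("jsmith", "XX", {"AU"}, ["PERSONAL_DATA", "HOME", "PERSONAL_DATA"]))
```

The point of keeping a per-scope record rather than a single “MFA done” flag is that a sensitive field or privileged page still demands its own challenge even after a login-level prompt, which is the gap the login-only providers leave open.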
Appsian helps customers implement SSO and MFA within PeopleSoft quickly, with little effort. Please write to us at firstname.lastname@example.org to kick start your Zero Trust Security project in your environment.
Want to learn about our SSO and MFA Solutions in detail? Check out our buyers’ guides.
Join our upcoming webinars for the Australia (APAC) and ANZ region.
Greg Sosna is part of our cybersecurity team, and he looks after our customers in the APAC and ANZ region. Join him and other subject matter experts presenting different strategies to protect and enhance your ERP investment today and well into the future.