Strategies to Thwart Ransomware and Supply Chain Attacks

By Fred Donovan, Senior Editor, SAPinsider and Rizal Ahmed, Chief Research Officer, SAPinsider

Key Takeaways

• Ransomware and supply chain attacks pose an ongoing threat to organizations worldwide.
• Updated security tools and good cyber hygiene are the best ways to defend against these threats.
• Layer Seven Security leverages SAP Solution Manager to secure a customer’s entire SAP landscape.

Today, enterprises are confronting a myriad of cyberthreats. Two of the most destructive are ransomware and software supply chain attacks.

Ransomware attacks have soared over the last couple of years, and that trend has only accelerated. In fact, ransomware attacks have increased 57% since the beginning of this year, and the average number of companies suffering a ransomware attack doubled between 2020 and 2021. Attackers have added data theft to their arsenal of data encryption to increase pressure on victims to pay the ransom.

In addition, high-profile software supply chain attacks have infiltrated and disrupted governments and enterprises around the globe by exploiting vulnerabilities in trusted vendors’ software. The SolarWinds hack, in which Russian attackers injected malware into vulnerable Orion network management software, compromised nine U.S. federal agencies and more than 100 companies. And more than 10 hacking groups recently targeted critical vulnerabilities in Microsoft Exchange Servers that could enable attackers to seize control of networks.

To help us better understand these threats and strategies to defend against them, SAPinsider talked to Ian Thomson, Chief Operating Officer (COO) at Layer Seven Security.

Risks of Outdated Tools, Unpatched Vulnerabilities

Ransomware attacks thrive on outdated cybersecurity tools and unpatched vulnerabilities, observed Thomson. “Traditionally, with a lot of the cybersecurity tools, they don’t give a lot of visibility into the SAP application layer. Yet, there is vulnerability in SAP systems to ransomware,” he said.

The Layer Seven COO recommended that enterprises focus on three strategies to protect against ransomware attacks:

1) Security Awareness Training: Conduct training exercises to enable employees to recognize ransomware and avoid executing applications that deploy the malware.

2) Anti-Ransomware Tools: Deploy software that can detect when ransomware files are being executed and stop the infection from spreading.

3) Harden Systems: Perform vulnerability assessments and harden systems against attack (e.g., ensuring robust passwords and monitoring gateways).

Recent supply chain attacks have opened organizations to cyberespionage and disrupted vital products and services. They exploit trusted vendors who need access to an enterprise’s applications and environment through its network.

“Software supply chain attacks are devastating. It’s not just the companies being attacked but real services being interrupted … These are critical attacks that are happening,” Thomson said.

He advised organizations to ensure that the vendor performs compliance audits, conducts peer reviews of its software, and provides evidence that these things are being done.

“What is really challenging about supply chain risk is that the attackers exploit trusted connections,” he observed.

How Layer Seven Can Help

 Toronto-based Layer Seven Security offers SAP users an SAP-certified cybersecurity extension that provides advanced vulnerability management, threat detection, and incident response to secure SAP systems from cyberattack. The company leverages SAP Solution Manager, which supports system patching, change and incident management, and system monitoring, to secure a customer’s entire SAP landscape.

 Thomson explained how Layer Seven differentiates itself from other SAP security vendors:

1) Integrating with SAP Solution Manager, which connects to an enterprise’s managed systems and has a secure connection to the SAP backbone for areas such as patch management. Layer Seven uses Solution Manager where it does things well and plugs the gaps where Solution Manager doesn’t perform well.

“We leverage what you have, and we look at what can we enhance and what’s already there in terms of your SAP landscape,” he said.

2) Looking across the entire SAP technology stack, databases, applications, ABAP code, operating systems, and gateways to secure SAP systems.

“An SAP application consists of many different components working together, and we’re the only company that goes across the whole technology stack to secure your SAP application landscape,” he noted.

The company’s customers vary by size, from small companies right up to household names, and by industry – oil and gas, manufacturing, retail, pharmaceuticals, and government agencies.

The vendor serves SAP security and BASIS professionals, compliance officers, chief information security officers, and the C-suite.

“Your most critically important applications are the lifeblood of your company and drive market value. You should invest in application security because it’s going to help you a lot,” Thomson concluded.

What Does This Mean for SAPinsiders?

The cyberthreat environment has grown increasingly menacing for organizations confronting a rise in ransomware and supply chain attacks. Here are some things that SAPinsiders should keep in mind as they defend their enterprises against these attacks:

Don’t forget the security basics: Practice good cyber hygiene, such as training employees on security, implementing software patches, installing antivirus software, using multi-factor authentication, and backing up files regularly.

Develop and implement an incident response plan: The plan should include measures to detect a malware infection, contain and isolate the malware, eliminate the vulnerabilities that led to the infection, restore lost data, and meet regulatory and contractual obligations.

Leverage partner companies to improve your security posture: Due to the rapid changes in malware and attack methods, you should rely on trusted partners to help fill your knowledge and skills gaps and deploy robust security tools. This is particularly important for small and medium-sized companies that often have limited financial resources for security.

About Layer Seven Security:

• Headquartered: Toronto, Canada
• Company details: Layer Seven Security delivers advanced vulnerability management, threat detection and incident response to secure SAP systems from cyberattack. The company is an SAP Partner and an industry leader in the provision of security solutions and services for SAP