Cybersecurity and internal trigger events

January 3, 2023

Cybersecurity and the need to secure access from external agents to our network are big issues that could generate concern over time. However, there is not much discussion about the incidents that could be generated internally with no external agents stepping into it*.

Below I highlight some examples of the most severe incidents described by CSIRT**, which are related to the events caused internally by the users with access to the company’s network and infrastructure, and what concerns us, in particular, to the SAP system. 

  • Gathering information: by authorising or unauthorising access to the system and by taking out privileged information such as customers (sales and conditions),  suppliers (purchases and conditions), financial and product information.
  • Intrusion attacks: by using non-active user accounts with valid privileges and by trying to enter unauthorised transactions.
  • Intrusion: by using accounts of other users and privileges such as SAP ALL, and its multiple derivations in both local and remote access (to which privileges are usually granted).
  • Availability: this can be affected by voluntary or unintentional errors and excessive privileges such as SAP ALL and similar.
  • Information content security: unauthorised access or modification of information through critical transactions and critical authorisation objects (such as DEBUG, value changes to an existing table, and many others).
  • Fraud: this can be achieved by using critical transactions (i.e. modifying credit conditions and credit documents) and by conflicting transactions due to the lack of segregation of duties – known in SAP as SOD conflicts – (i.e., making up suppliers and service orders).

With CentinelBox, you can:

  • Identify these risks with strong automated support. 
  • Control these risks by reducing or eliminating the possibility of internal fraud attacks.
  • Access the tool to perform SOD conflict detections and numerous types of automated remediation on roles and profiles. 
  • Execute the changes to ensure the security complies with the requirement of the companies. 

*ACFE (www.acfe.com) Bi-annual Report to the Nations.

*https://www.ciberseguridad.gob.cl

Leave a Reply

Your email address will not be published. Required fields are marked *