Most enterprises are aware that business disruption carries heavy costs, but they still fail to prioritize the security of business-critical applications.
A business-critical application is any application crucial to a company's ability to do business. Such applications can have a huge impact on the organization’s bottom line, causing substantial business disruption if compromised. One example is Enterprise Resource Planning (ERP) solutions, which assist core business processes in accounting, legal, marketing and other key departments. Another example would be Customer-Relationship Management (CRM) solutions, which compile vast amounts of data from a range of communication channels.
New research from CyberArk reveals a stark disconnect between the areas security efforts concentrate on and the areas that actually offer the most value to a business.
In a survey of 1,450 business and IT decision makers from Western Europe, 61% of respondents agreed that even the slightest downtime affecting business-critical applications would be massively disruptive. And, with the cost of an ERP hack averaging $5.5 million USD, compromise to core apps and processes is no laughing matter.
More than half of organizations admitted to data loss, integrity issues or service disruptions in the past two years. Despite this, the survey found 72% of respondents are confident that their organization can effectively combat an attack at perimeter level.
“This brings to light a remarkable disconnect between where security strategy is focused and the business value of what is most important to the organization,” researchers said. “An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations.”
Organizations are increasingly migrating data for popular ERP tools and other business-critical apps to the cloud, with 74 percent of respondents indicating they have already started this process or will do so soon. This is the time to prioritize risk to protect these assets for a successful transition, researchers say.
“From banking systems and R&D to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them – whether they are on-premises or in the cloud,” said David Higgins, the firm's technical director. “CISOs must take a prioritized, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that, regardless of what attacks penetrate the perimeter, they continue to run uncompromised.”