The dark web is flooded with offers to purchase access to corporate networks, according to a new “Access for Sale” study from Positive Technologies. The dark web is more commonly viewed as a place where hackers buy and sell personal information such as credit cards, login credentials, social security numbers, and other personally identifiable information (PII).
The Buzzword among Cybercriminals: Access to Corporate Networks
A year ago, cybercriminals were eager to sell access to the servers of private individuals for as little as $20, according to the report. Since the second half of 2019, there has been an exponential explosion of interest in selling access to corporate networks. The number of advertisements selling access to these networks increased by 69 percent in Q1 2020 compared to the previous quarter. Prices for exclusive access to a single corporate network also soared to about $5,000. The number of cyberattacks has also risen, with a large percentage of workers working remotely.
The following tips on deploying attribute-based access controls (e.g., SAP ABAC) are strongly recommended to help you keep your ERP data protected even if hackers infiltrate your corporate network.
ABAC: Ensuring ERP Data Security
Businesses that use ERP systems are already utilizing role-based access controls (RBAC). These controls provide a mechanism for data governance by aligning data access rights with job functions. However, with a large remote workforce, companies need to develop a more comprehensive and dynamic strategy for access control management.
With attribute-based access controls (ABAC), enterprises can add context such as geo-location, time of day, and IP address to access decisions. A case in point is SAP ABAC. This ensures that the right user accesses the services while keeping users from getting more access than they need.
These granular, data-centric access privileges let organizations ensure that users, whether malicious or internal, do not have excessive access to sensitive ERP data, thereby mitigating the potential adverse effects of a hacker intrusion into the corporate network.
ABAC and User Activity Monitoring
Attribute-based access controls (ABAC) empower businesses to create roles and permissions that determine who, what, where, when, and how ERP data can be accessed by employees and what transactions they are allowed to perform.
Companies already track user access, but tracking must go beyond manual audits of displayed pages and records of device log-in and log-out. Understanding data access, data use, and the transactions executed is essential for security policy compliance and for visibility and control over enterprise data.
Organizations need to control the following five parameters:
1. Who: Details of the data-accessing user
2. What: Details of accessed data
3. Where: Location of the user accessing the data
4. When: Time of the day when the user accesses data
5. How: Details of the device accessing the data
The use of an analytics platform that provides granular access information, rapid aggregation, and visualization of user’s access to data is a necessity for data protection.
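The five parameters above can be combined into a single access decision that also produces an audit record. The following Python sketch is an added example, not code from this article or from SAP; the role name, permission string, network range, business hours and sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
# Constructed policy data (assumptions, not SAP configuration).
ROLE_PERMISSIONS = {"ap_clerk": {"vendor_bank_details:read"}}
CONTEXT_RULES = {
    "vendor_bank_details:read": {
        "countries": {"US"},
        "hours": (time(7, 0), time(19, 0)),
        "networks": [ip_network("10.20.0.0/16")],
        "managed_device_required": True,
    }
}

@dataclass(frozen=True)
class Request:
    user: str             # who
    role: str
    permission: str       # what
    country: str          # where
    source_ip: str        # where
    local_time: time      # when
    managed_device: bool  # how

def evaluate(req: Request):
    """Return (allowed, failed_checks, audit_record); default is deny."""
    failed = []
    if req.permission not in ROLE_PERMISSIONS.get(req.role, set()):
        failed.append("role")  # RBAC baseline still applies
    rule = CONTEXT_RULES.get(req.permission)
    if rule is None:
        failed.append("no_context_rule")  # no ABAC rule means no access
    else:
        if req.country not in rule["countries"]:
            failed.append("where:country")
        if not any(ip_address(req.source_ip) in n for n in rule["networks"]):
            failed.append("where:network")
        if not rule["hours"][0] <= req.local_time <= rule["hours"][1]:
            failed.append("when")
        if rule["managed_device_required"] and not req.managed_device:
            failed.append("how")
    audit = {"who": req.user, "what": req.permission,
             "where": f"{req.country}/{req.source_ip}", "when": req.local_time.isoformat(),
             "how": "managed" if req.managed_device else "unmanaged",
             "decision": "deny" if failed else "allow", "failed": failed}
    return not failed, failed, audit

# Constructed requests: same account and role, different context.
OFFICE = Request("jdoe", "ap_clerk", "vendor_bank_details:read", "US", "10.20.4.17", time(10, 30), True)
STOLEN = Request("jdoe", "ap_clerk", "vendor_bank_details:read", "RO", "203.0.113.9", time(2, 30), False)
```

Both sample requests carry a valid role, so RBAC alone would allow both; only the context checks separate them, and the audit record names which of the five parameters failed.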
It is now well known that hackers, taking advantage of security lapses, are seeking to gain access to corporate networks. The “Access for Sale” research serves as a valuable reminder that hackers are prepared to go to any length to obtain an advantage. Apart from conventional role-based access controls (RBAC), companies must deploy various ERP data protection protocols.