How to protect ERP data when access to corporate networks is both ubiquitous and for sale on the dark web
With the current pandemic, remote working has become the new norm for the majority of the workplace. With this new way of doing things, networks may be vulnerable to malicious activity such as software viruses and, especially, information gathering on the dark web. Piyush Pandey shares an article on SecurityMagazine.com on how to protect your enterprise resource planning (ERP) data in these conditions. Ensuring ERP data security, privacy and compliance can no longer rely solely on network threat monitoring. It requires layered identity defense to limit access to and within mission-critical appliances.
Here are some ways to keep your ERP data from being sold on the dark web:
Start with securing your crown jewel ERP systems. “Organizations looking to accelerate their data security maturity can choose to lock down access across their ERP systems for a ‘quick win.’ According to the 2020 Verizon Data Breach Investigations Report, 67 percent of 2019 data breaches arose from credential theft, social engineering attacks, or errors that enabled malicious actors to gain unauthorized access to sensitive data.”
Continuously monitor privileged user activity and behavior. “With Attribute-based access controls (ABAC), organizations can set fine-grained access controls that mitigate risks. Privileged users, such as system administrators, need superuser access to do their jobs. While ABAC provides some level of control that can limit the data they access, their job functions require them to add users, delete payees and engage in other potentially risky activities across the ERP ecosystem.”
Create a layered defense at the identity perimeter to strengthen data security. “By establishing dynamic, attribute-based controls, companies can more precisely define access to ERP resources. Data masking or hiding sensitive information not necessary to the job function creates an additional security layer. Users not only are limited in their access but by masking the data, the access granted eliminates excess access risks associated with visibility of unnecessary, sensitive data. An organization’s payroll manager may not need to see employees’ account information to process the payments. Thus, limiting access and masking data create a double layer of defense.”
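
The sketch below is an added example, not code from the article or from any ERP product. It shows the two layers together: an attribute-based decision (role plus network context) followed by masking of fields the job function does not need, with every decision logged so privileged actions can be monitored. The roles, attributes, field names, policy table and sample record are all hypothetical.

```python
# Added example: ABAC decision with field masking for an ERP payroll record.
# Roles, attributes, field names and sample data are hypothetical/constructed.

# Each rule: subject/context attributes that must match, the permitted
# action, and the record fields that may be shown unmasked.
POLICY = [
    {"match": {"role": "payroll_manager", "network": "corporate"},
     "action": "process_payment", "clear": {"employee_id", "net_pay"}},
    {"match": {"role": "payroll_manager", "network": "remote"},
     "action": "process_payment", "clear": {"employee_id"}},
    {"match": {"role": "sysadmin", "network": "corporate"},
     "action": "delete_payee", "clear": {"employee_id"}},
]
PRIVILEGED_ACTIONS = {"add_user", "delete_payee"}
AUDIT_LOG = []  # decisions recorded for monitoring of privileged activity


def mask(value):
    """Keep the last four characters of longer values; hide short ones fully."""
    text = str(value)
    return "*" * len(text) if len(text) <= 4 else "*" * (len(text) - 4) + text[-4:]


def authorize(subject, action, record):
    """Return a masked view of the record if a rule matches, else None (deny)."""
    view = None
    for rule in POLICY:
        attrs_ok = all(subject.get(k) == v for k, v in rule["match"].items())
        if attrs_ok and rule["action"] == action:
            view = {f: v if f in rule["clear"] else mask(v)
                    for f, v in record.items()}
            break
    AUDIT_LOG.append({"user": subject.get("user"), "action": action,
                      "allowed": view is not None,
                      "privileged": action in PRIVILEGED_ACTIONS})
    return view


# Constructed sample record and subjects.
RECORD = {"employee_id": "E1001", "net_pay": "4200.00",
          "bank_account": "GB00TEST12345678"}

if __name__ == "__main__":
    manager = {"user": "pm1", "role": "payroll_manager", "network": "corporate"}
    print(authorize(manager, "process_payment", RECORD))
    print(authorize({"user": "tmp", "role": "contractor", "network": "remote"},
                    "process_payment", RECORD))
    print(AUDIT_LOG)
```

The payroll manager can process the payment while the bank account stays masked, the same role sees less from a remote network, and any request that matches no rule is denied by default.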