In a world filled with computer applications and infrastructure as the backbone or skeletal system for all company operations today, how can leaders protect their assets from unintentional access to sensitive information? Let’s start with a basic definition.
What Is Cybersecurity?
SAP and other experts define cybersecurity as the practice of protecting networks, devices, applications, systems, and data from cyber threats. Thinking about SAP and cybersecurity this month reminded me of how many threats leaders face in managing the day-to-day operations of their businesses. If not mitigated and proactively addressed through employee education, modern threat detection tools, and other preventive measures, security risks can impact IT systems and business activities unexpectedly. It can result in financial losses that are often unrecoverable.
So, Why Does It Matter?
This is why addressing the human factor in this issue is so important. Understanding how simple strategies, if put in place, can help with awareness, personal accountability, and the adoption of behaviors that become engrained in a culture. Some more obvious strategies include multi-factor authentication, strong passwords, regular software updates, and “thinking before clicking.” There are multiple dimensions to the decisions that lead to potential IT system vulnerabilities. One of my customers strongly tied it to applications that needed patching or upgrades to protect against new vulnerabilities. The sense of urgency to upgrade applications didn’t become known until after the attack. This was the wake-up call, and it led to immediate action after the fact and significant costs to restore systems to an operational state. It was painful.
The Phishing Attempt That Did Not Succeed
There was the case of the password reset request. An employee received an email that looked legitimate. It said their password needed to be reset due to an issue with the application, so just click the link in the email to reset your password. Through annual cybersecurity risks and prevention training, the employee was taught not to click the link and to report it as a phishing attempt. When they reported it, a message was immediately returned from the IT department stating, “Good job, you passed the test.”
It Is the New Normal for Business Leaders
Most leaders must consider all types of business risks as they plan operations, from supply chain disruptions, inflation, competitive pressures, climate disasters, global pandemics, geopolitical conflicts, and other brand or reputation-related impacts, in addition to avoiding cyberattacks. As we think about SAP applications and the business processes that drive value and efficiency through innovation, it is important to put processes, tools, training, and sound decision-making in place to mitigate these risks. Planning ahead is essential to support the investments needed to protect the vital IT infrastructure critical to sustaining company operations. Strong governance and operational discipline to minimize the potential of cyberattacks must be managed intentionally because good intentions won’t matter once the intrusion happens. Learning about the cybersecurity measures natively baked into application support services provided for your essential systems, like SAP, is important for leaders to understand fully. As the landscape for threat detection continues to evolve through AI-based models and other automated tools and solutions, leaders face the challenge of continuously strengthening capabilities, eliminating vulnerabilities, and investing in employee education to minimize these situations that threaten to ruin operations.
Kimberley Reid is VP of Digital Enterprise, SAP Solutions for Hitachi Vantara. She continues her people focused commentaries for ASUG Executive Exchange. Reid draws on everyday technology, project, people, and leadership experiences of her career. She plans a forthcoming book based on these experiences and reflections.