1. Our SAP systems are “internal only”. Their exposure to outside attackers is low/zero.
Best Answer: Fully Agree
However, even “internal only” systems are not 100% safe.
The internet is not the only “untrusted” network. With the erosion of network perimeters and the proliferation of mobile and roaming devices moving in and out of the corporate network, it is increasingly difficult for large organizations to segregate “safe” from “unsafe” networks. One compromised employee laptop or smartphone can be enough for an attacker to bridge into your network.
The infamous “insider threat” is very real when it comes to your mission-critical systems. Think of the harm that could be done by a disgruntled employee, a dishonest contractor or even a targeted attack, where a seemingly innocent visitor plugs a device into a hidden network socket in your office. In fact, 34% of all breaches in 2018 were caused by insiders.
The “zero-trust” cybersecurity trend needs to be applied first and foremost to your mission-critical systems – like your SAP systems.