Level 3: Preventing Intrusions into Your SAP Systems

1. Your SAP system has been hacked. What is the first thing you must do?

Best Answer: d. Contain the intrusion.

The first thing you must do after discovering that your SAP system has been hacked is to contain the intrusion. Gathering your incident response team must wait. Rooting out the cause of the attack must wait. Within minutes of discovering the attack, the employee who encounters the threat must alert your incident response team and start implementing the first steps outlined in your company’s cybersecurity response plan.

If you do not have a cybersecurity response plan, the staffer who discovers the intrusion must alert your IT and management teams immediately. Your IT staff must then disconnect the affected computer, server or other device from your network. Next, review your on-premises backups and backups in the cloud to make sure they are not compromised.

2. What is the first step in securing your cloud-based SAP systems against cyberattacks?

Best Answer: a. Making your technical settings secure.

Step one in securing your SAP cloud platform against attacks is understanding that there are technical settings that you must get right. Fail here, and you leave your system vulnerable to exploits that can have immediate and catastrophic business and financial consequences.

If you leave these system-wide technical settings in an insecure state, external hackers and disgruntled internal employees can easily bypass your data access controls and gain unrestricted access to your entire system. The most important of these technical settings to get right is properly segmenting SAP on your internal networks.

3. How big is the gap between the current state and the desired state of your organization’s cybersecurity culture?

Best Answer: c. No gap

Ideally, your cybersecurity culture is strong, not just with your IT team, but throughout your entire organization.

If you answered, “No gap,” you are in the minority. According to ISACA and the CMMI Institute in their 2018 Cybersecurity Culture Report, only 5% of organizations are satisfied with the state of their cybersecurity culture. Fewer than half of the organizations studied regard their security culture as “very successful.”

And yet a whopping 90% of successful cyberattacks are caused by human error. Why? Because most organizations don’t have a healthy cybersecurity culture. If you want to improve cybersecurity at your organization, start by creating a cybersecurity culture. Here are nine tips for building a cybersecurity culture.

If your answers matched ours, congratulations! Ready to find out if you’re a guru? Move on to Level 4!