Should You or Your Software Vendor Own The System’s Cybersecurity?

Dateline: February 9, 2018

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

Many managers assume that the software they purchase from reputable vendors is cybersecure. After all, our vendors know their software and its vulnerabilities, issue patches all the time, and stand to lose business and their reputation if it gets out that their software is not secure. But recently, Information Management published a blog about the vulnerabilities of SAP, one of the most widely used platforms for business processes in enterprises. The article, "Why SAP is more vulnerable to cyberattacks than you think," suggests,

In 2017, over 270 SAP security vulnerabilities were identified, with cross-site scripting (XSS) being the most common identified vulnerability type, and Customer Relationship Management (CRM) being one of the more vulnerable modules.

It’s not unusual for large and complex systems like SAP to have vulnerabilities. What is unusual is that these vulnerabilities are going largely unaddressed by most companies…The Ponemon study highlighted a major vulnerability that surprisingly, has little to do with the platform itself. As it turns out, many companies simply are not clear about who should be responsible for SAP cybersecurity.

Who is responsible for the cybersecurity of your ERP system?  Who should be the owner of cybersecurity of your vendor systems–you or your vendor?

That’s a WRAP!  Have a great weekend!
