Tabletop exercises and unpracticed runbooks aren’t always enough to prepare companies for a security breach, especially when it comes to ERP systems. These business-critical applications drive the world’s economy and it’s critical to ensure that they are stable and in compliance. The need is becoming even more apparent with the results from a recent IDC survey of 430 IT decision makers finding that 64% of ERP systems have been breached in the last 24 months.
This week Onapsis and IBM held the first-ever ERP day at the IBM X-Force Command Center Cyber Range giving a select number of companies the opportunity to experience a real-time simulation of a rapidly escalating security incident. Attendees worked together in the world’s first full-scale, cyber range immersive simulation to test their response to a cyber threat on their ERP system. The purpose of the experience was to test attendee response skills in realistic attack scenarios involving hacker tools, ransomware and catastrophic exploits of ERP systems. Dipping into a decade of real-world customer experiences, Onapsis and IBM provided scenarios targeting business applications to test team responses in an unfolding ERP-based cyber crisis.
Attendees showed how they would respond to a critical situation, not just from a technical perspective, but from a business and regulatory risk one as well. Tom Austin, Digital Risk Leader at Schneider Electric, said, “With over 25 years in information security, this was a strong role-playing exercise in incident response. The material presented attains the optimal balance between technical and business functions, with scenarios providing a realistic “glimpse of a future”, conveying the panic, confusion and collapse of hypothetical strategies. At Schneider Electric, we partner with a broad ecosystem of partners, like IBM, to apply the necessary mindset, policies, and tools, in order to secure the development of our products and implementation of our solutions."
Attendees left with valuable insight about business-critical application attack surfaces, how to respond to remediate critical vulnerabilities and a bottle of ERPinot Noir.
To learn more about the range or to schedule your own ERP Day at the Cyber Range please visit: https://www.ibm.com/security/services/managed-security-services/security-operations-centers