A piece of data released by the UK’s National Fraud Intelligence Bureau indicates that between January 1 and July 31, 2021, losses of £1.3 billion related to fraud and cyberattacks were reported. The increase on the last figure for the same figure is more than 300%, as in 2020 losses were £415 million.
Cybersecurity at SAP is a topic that needs more attention. More so today, when a significant proportion of employees in digital environments work from home. In fact, according to a 2021 HP study, during the pandemic 30% of telecommuters let a third party use their work device.
In this ZTalent blog post we will explain three cybersecurity at SAP threats that no company or SAP expert should overlook.
Some relevant data according to HP report
Three main SAP cyberthreats
1- Not patching important SAP applications
While this may seem like an obvious practice in this industry, a 2021 report debunked it. Produced jointly by SAP and cloud security firm Onapsis, the study suggests that many SAP-using organizations were not patching these applications. Not even at the height of the COVID-19 pandemic.
The report found “evidence of more than 300 automated exploits leveraging seven SAP-specific attack vectors” during the first three months of 2021. To make matters worse, alarmingly some of these attackers applied patches after their offensive. The goal was to leave no evidence of their crimes. How ironic is that?
Through sophisticated attacks like these, organizations’ business processes could easily be disrupted and sensitive data stolen. The report even suggests that SAP-using organizations could inadvertently breach data protection legislation.
2- Increased mobility of workspaces
A second potential threat to organizations using SAP is the increased mobility of their staff and workspaces. Products such as SAP Fiori have increased the accessibility of SAP applications for people regardless of their location. However, this has also increased potential security risks.
The ease of access to SAP applications is a plus, that goes without saying. But everything has its downside, and this is no exception. If mobile devices fall into the wrong hands, if employees use insecure networks to access enterprise systems, or if end-user devices are simply not patched or, cybersecurity at SAP is highly threatened.
3- Lack of SAP knowledge of the workforce
Finally, the threat posed by a lack of staff training in SAP user organizations must also be taken into account. Let’s think of everyday examples. You wouldn’t put your inexperienced children in the kitchen chopping onions, any more than you would let a friend without a driver’s license take a road trip. The same is true of cybersecurity at SAP.
A 2020 UK government report found that less than 25% of companies invest in training staff in cybersecurity roles, while finding that more than 27% of companies lack the personnel with the necessary skills to respond to a cyberattack. Without proper training, both technical and non-technical staff may be inadvertently exposing their organizations to attacks.