I love You

There is not much to discuss, Oswald said: The R/3 system is controlled via Abap tables and viruses would not stand a chance there. For the I-Love-You virus, this may be true.

Last week, I once again discussed the topic of "security" at an NTT Security event in Frankfurt. My "provocative" argument: digital intrusion, viruses, Trojans and data theft in an SAP system come to nothing because a classic ERP is sustainably complex, so that the entire "data treasure" will always remain a closed book to an outsider, even as plain text.

I speak from experience, because we have an SAP Business One system running at our publishing house. But you don't have to steal the data right away - encrypting it and demanding a ransom is also sufficient. And if you can hack in between the server and the client, you can quickly see what's going on in plain text - without having to tear apart Abap tables.

NTT Security gave an impressive two-day theoretical and practical demonstration in Frankfurt of what can happen today under the catchword "cybercrime". Unfortunately, there were no specific presentations for existing SAP customers, because security awareness in the SAP community is still capable of development.

Professor Hasso Plattner even addressed a minor security scandal at this year's Sapphire in Orlando, where he warned that people should not speculate about the lack of security in the SAP system when even ten-year-old security patches have not yet been applied.

This was also another insight from the NTT Security event: If you keep your system up-to-date with all patches and updates, you have already paid half the rent in terms of "security".