Number of corporate cyberattacks increases dramatically

The situation is coming to a head: In a test in April of this year, Deutsche Telekom recorded up to 46 million hacker attacks on German companies in just one day. On average, there were around 30 million attacks per day - that is a dramatic increase compared to 2017, when around four million attacks were still counted. Partly due to the increasing digitalization of society and companies, the opportunities for hackers to tap into corporate data and use it for subsequent blackmail are more diverse today than ever before. And they are causing considerable damage: Tens of billions of euros are lost to the German economy every year due to data theft, espionage and sabotage, according to industry association BITKOM. According to the report, 70 percent of German companies were demonstrably affected by cyberattacks in 2018. Due to the increasing speed and complexity of digital processes in companies, IT managers are required not only to comprehensively protect their SAP infrastructures, but also to respond to critical situations in real time. But even that is not so easy, because managers are currently encountering another challenge: Due to the shortage of skilled workers, it is particularly difficult to optimally staff internal teams in Germany. In addition, employees are tied up by the increasing demands of day-to-day business - in addition to the usual tasks, these include more stringent checks by supervisory authorities such as the BSI or new laws such as the DSGVO, which also play a major role. As a result, companies are often unable to implement all the measures required to protect the particularly important SAP systems.

Fast and sustainable solution through intelligent tools and experienced experts

In order to adapt quickly and, above all, holistically to these diverse challenges, it is advisable to enlist external help. The use of intelligent tools can quickly relieve the burden on specialist departments: With SAST SUITE, for example, our experts provide comprehensive and, above all, rapid protection of SAP systems. Using individual solutions and in-depth SAP expertise, the goal is to "Get clean" and "Stay clean".

1. get clean: identify vulnerabilities and harden system

The first step is an in-depth inventory by means of a Security & Compliance Audit. Using SAST SUITE - our software for Governance, Risk & Compliance, which takes into account all company-relevant dependencies - the experts usually know about all security vulnerabilities within one to two weeks. This is not surprising, because the simulated attack reveals potential entry points very well. These points are then hardened, i.e. the vulnerabilities in the IT system are remedied. A particular focus here is on databases, networks and operating systems, because hackers like to bypass SAP systems.

2. stay clean: intelligent protection in real time - with overview

Once the systems are secure, the challenge, especially for large companies and corporations, is to quickly get a grip on their extremely complex system worlds. For efficient IT security, it is essential to gain a comprehensive overview in the shortest possible time - this is what a management dashboard provides. According to the DSAG Security & Vulnerability Management working group, a proper dashboard is the key prerequisite for developing and implementing imperative better security concepts - but it is in use at only 11 percent of companies. Our management dashboard provides a transparent visualization of all critical system activities including an analysis and presentation of the historical development at the push of a button. The SAST Security Radar (SSR) is a further addition to relieve the IT team and provide holistic protection for SAP systems: it performs vulnerability scans of all technology levels and displays the overall security status of SAP with other IT systems in real time.

Bringing support on board: With Managed GRC Services

After that, the challenge is to continue to meet the increasing demands of IT security: As the IDG study "Managed Security 2018" shows, the managed services solution is a proven measure here. More than half (58 percent) of the companies surveyed in the study already work with an IT security service provider. Unlike outsourcing, with managed GRC services the company retains sovereignty and control of the task. In this case, we as a service provider take on the role of advisor and point out options for action. Depending on the assignment, our team provides permanent support to internal colleagues in hardening the IT infrastructure, eliminating vulnerabilities, or helps to set up a new in-house security department. We successfully implemented the latter at Linde AG, the DAX-listed global technology group with 58,000 employees. The Linde team spent three quarters of a year being trained by us and was able to build up comprehensive know-how in the special area of SAP Security & Compliance. On this basis, it is now able to react immediately if a critical event occurs. Klaus Brenk, Head of Monitoring, QA & Governance at Linde AG, is satisfied after the end of the project: "The experience of AKQUINET's security experts was an invaluable support for us in redesigning our risk management. Especially in the analysis and evaluation of our security events, our team benefits from the cooperation in the long term."

Attention: Think SAP security directly during S/4HANA migration!

According to the IT online magazine, more than a quarter (27 percent) of SAP customers are not thinking about security aspects during the S/4HANA migration. In our view, this is more than negligent, because it is imperative that this changeover be used to plan for the security of SAP systems right from the start. Securing the systems later only leads to higher costs and greater internal effort. But here, too, the devil is in the details: S/4HANA systems represent a technologically new platform, so other aspects play a role in securing the new S/4HANA systems well.

All in all, SAP systems are too important to rely solely on standard protection. With Managed Services, corporate IT decision-makers can effectively raise their SAP security to a suitable level in a short period of time and thus meet the increasing challenges in the IT environment, the shortage of skilled workers and growing security risks.