The global and independent platform for the SAP community.

Human vulnerability in the hacker's sights

Not only technical vulnerabilities can massively impair SAP security - human error is also part of it. Why SAP users should be specifically prepared for possible spear phishing attacks.
David Kelm, IT Seal
September 14, 2022
This text has been automatically translated from German to English.

Security Spear-Phishing Threatens SAP Security

SAP data is among the most coveted objects of cybercriminals. The theft of sales and personal customer data, intellectual property and financial data, which provide leverage for insider trading, collusion and fraud, appears to be particularly rewarding. No wonder, then, that attackers are coming up with increasingly sophisticated methods to gain access to business-critical SAP systems. In addition to technical security gaps, the human vulnerability is increasingly being targeted. To exploit this, the fraudsters send SAP users deceptively genuine-looking spear phishing emails, ostensibly in the name of superiors, employees or colleagues. They have meticulously researched the necessary company and employee information in social media and other Internet sources beforehand.

In these phishing e-mails, the attackers pack plausible-looking prompts to entice their potential victims to divulge highly sensitive data. To ensure that recipients open the incoming mails without thinking and follow the instructions, the fraudsters rely on tried-and-tested psychological tricks. Among the most common emotional influencers are: Belief in authority (the hackers pose as a member of management and demand that the employee hand over financial data in order to gain an overview of business developments), time pressure, fear and curiosity.

Security Awareness Training

Many companies have now recognized the threat that spear phishing attacks pose to their SAP security. As a result, SAP customers are also showing increased demand for security awareness training to arm employees against phishing attacks. However, the classic offerings are not sufficient for this. Since the training courses focus on imparting theoretical knowledge within the framework of classroom training, e-learning and webinars, only the rational decision-making ability of the participants is improved.

The Employee Security Index (ESI) provides a method for measuring awareness. The higher the ESI and awareness, the lower the likelihood of incidents. Source: IT Seal.

Spear phishing attacks, on the other hand, target the quick, intuitive decisions of email recipients. Therefore, awareness training should be supplemented with spear phishing simulations that use real company and employee information to recreate authentic attacks. But instead of being hooked by the scammers, employees land directly on an interactive explanation page. Here, they are shown step by step how they could have recognized the fake e-mails: for example, by letter rotations in the address line, deviating URLs or subdomains. 

Phishing simulations are particularly effective because they take advantage of an employee's "most teachable moment" and make him aware of his misconduct directly during the attack. This "shock effect" ensures that he will be more careful with incoming emails in the future. To ensure that the learning effect continues, spear phishing simulations should be repeated and updated regularly. To prevent employees from feeling that they are being controlled or even tricked, companies should communicate planned phishing simulations in good time. 

It is also important to align training with the individual learning needs of employees and to document learning progress. The Employee Security Index (ESI) provides a realistic and reproducible method for measuring awareness. The ESI provides tangible and reliable metrics on employee security behavior in phishing simulations of varying difficulty. This enables a company to communicate the learning progress of its workforce and define a common goal for which IT security officers, management and employees are pulling in the same direction.

David Kelm, IT Seal

David Kelm is co-founder and managing director of IT-Seal

Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024


Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular ticket:

€ 590 excl. VAT


Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024


Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.