The global and independent platform for the SAP community.
The opinion of the SAP community, IT Security Column, MAG 20-07

Trust is good, proof is better

Cyber attacks range from manual hacking and phishing activities to the use of ransomware and malware to CEO fraud. However, remedies for many attacks have been available for a long time.
Christian Knell, Snap Consulting
August 13, 2020
Content:
It Security
avatar
This text has been automatically translated from German to English.

In the corona-related lockdown phase of the last few months, cybercrime offenses have continued to increase. In addition to e-mails about supposed security updates (with requests to enter or update data), criminals increasingly worked with fake invoices, extortion letters and phishing.

They took advantage of a lack of security concepts and poorly or not at all secured home offices. "Such cases could be prevented if we had an end-to-end authentication infrastructure.

explains the Viennese security and data protection expert Dr. Hans Zeger from Globaltrust.

"The lack of security and trust that exists in electronic communications would be easily addressed by a mandatory digital signature for e-commerce offerings."

To get that off the ground, however, would require a legislative push at the EU level, according to Dr. Zeger, who also lectures on privacy issues in e-commerce and the Internet at the University of Vienna Law School. (Speaking of which, haven't you wanted to write to your MEP for a long time?)

Well, the required authentication infrastructure is available in principle. As an SAP implementation partner, we are constantly building reliable processes for our customers in the areas of signatures and encryption. Certificates (for individuals) and seals (for companies) are used for the unique proof of identity of the stakeholders involved.

Because business documents such as orders, invoices, or other contracts are often exchanged via potentially insecure channels (e.g., e-mails), especially in the SAP environment, we often apply additional security features - comparable to those on banknotes.

This means that recipients can be sure that they have received their message unchanged and from the actual sender. And you don't even have to trust the sender - an independent trust service (like Globaltrust) can provide additional security by verifying and confirming the identity of the sender.

A simple example of effective fraud is the simple forgery of IBAN numbers on invoice documents. In this case, the PDF document is intercepted and modified on its electronic way to the recipient.

If the master data processes at the recipient's end are not appropriately secured, the changed IBAN goes through and money is voluntarily transferred to the fraudsters' account (even if you're smiling now, this happens more often than you think). If the document had been signed, the automatic integrity check would have noticed the change and prevented the fraud.
Seamlessly deployable with S/4 Hana

In the case of very sensitive data, such as bank transfers and pay slips, it can also be technically ensured that only the intended recipient can decrypt it at all. Encryption of documents and data files in this way can be seamlessly integrated into business processes and carried out in S/4 Hana or SAP ERP.

Many of these process steps, which ensure greater security, can be automated and can be stored directly on the business object in a traceable and audit-proof manner. If the worst comes to the worst, you have better technical evidence of your company's compliance and can prove that the necessary due diligence requirements have been met.

In addition, a proactive approach under the motto "trust is good, proof is better" also benefits the company's image. After all, no one likes to be the victim of security breaches and data theft in the newspaper. Much less do you want to have to explain this to your customers and partners.

https://e3mag.com/partners/snap_consulting/
avatar
Christian Knell, Snap Consulting

Ing. Christian Knell is managing partner of Snap


All articles of the author

Write a comment

The Hackett Group has recognized Esker in the area of C2C Receivables

Rackspace Technology launches UK Sovereign Services

August-Wilhelm Scheer Institute and BAD Gesundheitsvorsorge und Sicherheitstechnik: The future of healthcare

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular ticket:

€ 590 excl. VAT

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.