The global and independent platform for the SAP community.

Why SAP Systems Urgently Need More Cyber Security

Cybercrime reports have been ringing alarm bells.Tthreast to ERP systems have also been intensifying. According to a study, the number of cyberattacks on SAP landscapes will reach an all-time high by 2023.
Philipp Latini, Sivis
June 7, 2024
avatar

Ransomware incidents alone have increased fivefold since 2021, and the increase in dark web chats about SAP vulnerabilities is similarly high. No wonder, with over 400,000 customers accounting for almost 90 percent of global trade volume, SAP landscapes are a profitable target for financially motivated exploits. This is where the "crown jewels" of corporate data are managed, including design plans and recipes, confidential financial results and pricing strategies, credit card data and personal HR data. SAP knows everything, and without SAP, usually nothing works. Regardless of whether the attackers are looking to steal know-how, manipulate finances, trade in stolen data or ransom money: Security leaks in SAP systems can hit companies to the core. 

Yet SAP remains a blind spot on the IT security map for many companies. Why do companies so often massively underestimate ERP security risks?

Cyber-attacks only affect the big players. No. According to the "Wirtschaftsschutz 2023" study (Economic Security) published by the digital association Bitkom, around three-quarters of all German companies were victims of cybercrime last year. Attackers are forming alliances, expanding their "services" and systematically targeting small and medium-sized businesses—all with a high degree of specialization and sophisticated methods. Criminal tactics are becoming increasingly professional, with the average incident taking six months to detect and resolve—plenty of time for attackers to steal data, manipulate systems, and cover their tracks.

Certificates and audits will do. No! Neither the auditor's certificate nor security audits can identify all vulnerabilities and anticipate future security gaps. New legislation, such as the forthcoming implementation of the NIS2 directive at the end of 2024, is helping to harmonize security levels across the EU at a high level. But even complying with all legal obligations should not lull companies into a false sense of security. ERP systems are complex and difficult to protect due to their integration into a networked IT landscape—the number of potential gateways increases with each interface. Moving ERP workloads to the cloud also redefines security standards. The fact is that cyberattacks cannot be completely avoided. It is important to keep an eye on cybercrime trends, translate threats into individual security concepts, and ensure a fast response time in the event of an emergency. 

According to the Data Breach Investigations Report, insiders are responsible for about one-fifth of all security incidents—not always with criminal intent, but often due to negligence and lack of risk awareness. With the democratization of AI, this flank will become even more vulnerable in the coming years. Today, AI translation tools can localize phishing emails at native speaker level in seconds, and AI-powered voice generators create deceptively realistic deepfakes for CEO scam calls from voice snippets. 

According to a survey of the SAP community, 45 percent of German companies do not consider their SAP systems adequately protected, and only 10 percent feel very well prepared to remain operational in the event of an attack. About a quarter do not even have IT security on their agenda. However, solid baseline protection requires the consistent use of technology resources that have long been available.

Timely patches and updates are a must. Reliable update management is essential for quickly closing security gaps in on-premises systems. SAP has invested in the usability of the system architecture to make it easier to deploy security patches for S/4 Hana.

Click here for the partner entry:

avatar
Philipp Latini, Sivis

Philipp Latini is Managing Director at Sivis. The company specializes in software for authorization management, user administration and compliance. Before Philipp Latini took over the position as CEO in 2020, the IT systems businessman initially worked as Sales Manager and Head of Consulting at Sivis.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.