According to a new assessment released by SAP (short for Systems, Applications & Products) solutions provider Onapsis, the majority of cyber attacks against SAP applications in the enterprise are:
- Pivots - Pivoting from a low to high integrity systems in order to execute remote function modules.
- Database Warehousing - Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases.
- Portal Attacks - Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems.
More than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, are vulnerable for an average of 18 months period from when vulnerabilities surfaced.
"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team," Onapsis chief executive Mariano Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk."
According to the research, SAP released 391 security patches last year and almost half of them were ranked as high priority.
The Attack Vectors:
Exploiting the vulnerabilities in SAP could result in sufficiently compromised business SAP systems, putting intellectual property, customer and supplier data, financial, credit card as well as database warehouse information at risk of getting stolen by hackers.
SAP HANA, according to Nunez, is responsible for a 450 percent increase in the number of new security patches.
"This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches," Nunez says. "With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise."
To prevent from hack:
Keep your SAP applications as secure as possible and in order to do that…
- Businesses and companies should stay up-to-date with SAP Security Notes.
- Continually monitor your networks for security and compliance issues.
- Have both cyber security protection and risk management policies in the first place.