Staying on top of SAP cybersecurity requires unceasing vigilance. This year’s SAPinsider Events offer an excellent opportunity to learn the latest news on the industry’s biggest threats and smartest best practices.
October is Cybersecurity Awareness Month. We take a look at the explosive growth of cybercrime as a service and how it puts your SAP system at risk.
We live in an age where we can outsource just about anything. From virtual assistants to lawn care services, all it takes is a quick online search to find people willing to do the jobs we want to offload.
Even if that job is cybercrime.
Technology security professionals see a staggering variety of cyberattacks and are constantly on guard for new threats on the horizon. But even the most weathered IT pro feels a rise in blood pressure when they hear this phrase: cross-site scripting.
SAP recently issued a security note addressing a vulnerability in the SAP E-Recruiting application:
Many businesses rely on SAP CRM (Customer Relationship Management) and SRM (Supplier Relationship Management) applications to manage workflows, standardize processes and centralize data. But, while these applications are eminently useful, they might be putting your business at risk.
Petya. NotPetya. WannaCry. Locky. The names alone are enough to make any IT professional’s senses leap to high alert.
Considering how SAP systems are often interlinked with critical financial data, human resources records, and even vital infrastructure, a cyberattack could be devastating.
Sharing files is a common part of any company’s day. Documents are shared between departments, invoices are sent from suppliers, and resumes are sent from candidates. Departments such as Accounts Receivable, HR, Procurement, and more all handle large volumes of file uploads.
Unfortunately, cyberattacks are often lurking in the files that we recognize, trust, and open daily. What kind of files? The ones we tend to trust most: Microsoft Office files, images, and PDFs.
These are our invoices, our resumes, our receipts, our purchase orders — all the documents we access and use every day, and that we upload to SAP every day.
Directory traversal is one of the most common SAP cybersecurity attacks, accounting for 20% of the security notes published by SAP. In these attacks, cybercriminals gain unauthorized access to sensitive files or system directories, potentially resulting in a complete system compromise.
This post is the fourth in an ongoing series to educate SAP managers about common cybersecurity threats. Previous posts have covered such major threats as denial of service (DoS) attacks, injection attacks and cross-site scripting (XSS). Today, we’re focusing on the widespread damage directory traversal attacks can wreak on SAP systems – and how to protect against them.
External cybersecurity threats pose a very real risk to SAP systems of all sizes. One of the most common vehicles for hackers is the injection attack – both SQL injections and OS command injections. Preventing these attacks requires proactive strategies and a comprehensive SAP cybersecurity solution.
We’ve recently been publishing a series of posts to educate SAP Managers about these security threats, including denial of service (DoS) attacks and cross-site scripting (XSS). In this post, we’re investigating the threats behind SQL and OS command injections, along with best practices to protect your organization.