The advent of widespread cloud adoption for SAP systems represents a watershed moment in the industry. These changing times have ushered in the need for a fundamental shift in SAP security strategy, according to Joerg Schneider-Simon, Co-Founder and...
As organizations increasingly transition their SAP environments to the cloud, the need for robust security has never been greater. Protecting critical business data in these cloud-based systems is a complex challenge — one that traditional...
In an October 2024 IDC article entitled, “Storm Clouds Ahead: Missed Expectations in Cloud Computing,” the authors conduct an analysis of cloud repatriation trends. The main premise of the article is that the cloud computing landscape is...
We were thrilled to join Accenture, Fortinet, and SecurityBridge to host the premier SAP security event of the year, “Secure Together,” in Rotterdam on June 19, 2024. If you weren’t able to make it, read on to learn more about the topics and trends...
Whether you work at a small K-12 school district or a huge state university, SAP plays a big role in education, controlling important operational functions of your school from payroll and PTO requests to maintenance schedules and contracts.
So,...
In the digital era, where data is as valuable as gold, cybersecurity has become a cornerstone for businesses worldwide.
One area that often flies under the radar — but warrants significant attention — is the management and security of XML files,...
In today's digitally driven corporate environments, SAP applications stand as colossal pillars supporting myriad business processes, from procurement and supply chain management to human resources and customer relationship management.
However, the...
In the complex world of cybersecurity, PDF files represent not just documents. They’re also sophisticated vehicles for potential exploitation. Within the intricate framework of SAP applications, PDFs harbor multifaceted technical vulnerabilities...
Your organization faces an ever-growing threat of ransomware attacks. The year 2023 saw ransomware attacks increase by a whopping 95% over the previous year. Worldwide, more than 72% of businesses were affected by ransomware attacks in 2023.
To...
University of Amsterdam was founded in 1632 and holds ties with the Amsterdam University of Applied Sciences, collectively serving around 80,000 students per year. A past cyberattack spurred this educational institution to harden their network — but...
Ransomware continues to be one of the top varieties of malicious software. And it’s wreaking havoc, grinding company operations to a halt as the ransomware renders mission-critical data and systems inaccessible, while also exposing companies to huge...
Hackers have been quick to notice that many SAP applications, servers, and databases that were once hidden behind corporate firewalls are now exposed to the web, making them prime targets for attacks.
One common denominator in this push to the web...
The world faces a set of risks that feel both wholly new and eerily familiar. The Global Risks Report 2023, published by the World Economic Forum (WEF), explores some of the most severe risks we face over the next decade.
As you can see from the...
Talk to your average hacker, and they’ll tell you they prefer to target networks and applications that host mission-critical data.
The more valuable the data, the more attractive the target.
This is why plenty of cybercriminals have their sights set...
Retailers face multiple (and growing) challenges in a highly competitive marketplace. To meet these challenges, many retailers turn to SAP to transform the customer experience across every channel while improving sustainability across the entire...
Hackers know there is an open door into SAP. They exploit users and the application layer by introducing malicious files. This attack vector is in the application’s critical path, as attaching supporting documents to transactions is a common...
If Benjamin Franklin were alive today, he would likely expand his famous aphorism to say: “There are only three certainties in life—death and taxes—and malware.”
Malware is a certainty in life and business because there is no way to protect your...
This post is the second in our two-part series on how to protect your SAP systems against file-based attacks. Read the first post: SAP Security for Beginners: How to Safely Upload Files into Your SAP System.
Malware in file uploads wreaks havoc on...
File uploads are a necessary part of doing business, particularly these days when so many employees are working remotely.
And SAP is no different. SAP applications used to manage suppliers, procurement, recruiting, finances, and dozens of other...
It’s smart for IT leaders to stay updated on virus protection best practices.
But just as most anti-virus solutions fail to protect SAP, many lists of virus protection best practices completely neglect SAP cybersecurity, even though SAP software...
Know what’s worse than discovering that your network has been breached by hackers?
Not discovering it.
When it comes to ensuring SAP security, even veteran cybersecurity professionals may operate in reactive mode. Instead of getting out ahead of...
If your organization runs any SAP applications, you likely have a problem with malware...and malware detection.
Why? Because most enterprise anti-virus software doesn’t protect SAP applications against malware.
If you need malware detection for SAP...
Your ERP (enterprise resource planning) system collects, stores and distributes your most sensitive employee, customer, supplier and financial data.
That’s why ERP systems are popular targets for criminal hackers, malevolent nation states and...
Is your enterprise-grade anti-virus software protecting your SAP systems?
No.
Is it leaving your business exposed and vulnerable to the latest viruses, whether GoBrut, Jokeroo, Trojan Glupteba, ILOVEYOU or something else?
Unfortunately…yes.
Why?...
Is your organization fully covered with your current anti-virus solution?
You may think so, but if you are using SAP, you may not be as safe as you think.
Traditional anti-virus solutions do not protect SAP systems—so file uploads into SAP...
Keeping data, processes, and people safe while in the cloud is something businesses often overlook until something goes wrong.
According to a study by Onapsis and ASUG on "Digital Transformation and Security," 57% of businesses have almost completed...
Forgive us for asking, but on a scale from 1 to 10, how mature is your SAP security, exactly?
Not sure? That’s understandable. After all, a global cybersecurity standard for SAP systems doesn’t exist. Countries follow their own guidelines. Audit...
Cybercriminals have never seen a weakness they didn’t like. If a trend in ecommerce, a shift in consumer buying habits or a shift in technology makes retailers more vulnerable, cybercriminals are the first to discover these vulnerabilities—and...
In December 2020, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that a suspected Russian hack "poses a grave risk to the federal government." The agency added that "state, local, tribal, and territorial governments as well...
Cyberattacks and malware threats are becoming more sophisticated by the day, including attacks that target SAP E-Recruiting systems.
In August 2020, the United States Cybersecurity and Infrastructure Security Agency (CISA) published a Malware...
“My business is too small – cyberattackers won’t even have me on their radar.”
“We’re big, but we have a great team monitoring our cybersecurity, so we’ll be fine.”
Whether your business is big or small, you should always suspect that a cyberattack...
In July 2020, Onapsis disclosed a vulnerability that affects the SAP NetWeaver Application Server and therefore a large number of SAP applications.
Labeled as HotNews SAP Note #2934135 (CVE-2020-6287) in the July 2020 SAP Security Notes, this...
Is your organization like the staggering 66% of organizations that are vulnerable to cyberattacks on their SAP applications?
According to a recent Ponemon Institute study, “Only 34% of respondents say they have full visibility into the security of...
SAP cybersecurity professionals are in high demand. Really high demand. Ridiculously high demand.
As we noted back in 2018, there is a major shortage of cybersecurity professionals. So, if you’re an aspiring SAP cybersecurity professional, the best...
Are your web-facing SAP applications vulnerable to total compromise by a remote, unauthenticated attacker?
They may be less secure than you think: As it turns out, a recently identified SAP vulnerability can be accessed via internet-facing...
If you’re wondering about the cost of an SAP cybersecurity data breach, there’s a short answer and a long answer.
The short answer is simple, and comes from SAP itself: The average cost of SAP security breaches is $5 million. But, adds SAP, the...
Security professionals who monitor cybersecurity threats have noticed an irony when it comes to the coronavirus.
In areas with high infection rates, school districts, colleges and universities are—quite sensibly—requiring students to stay away from...
When is the last time you invited a stranger to attack your network and penetrate your SAP applications?
This is not a trick question.
If you care about the security of your SAP applications, you should care about penetration testing. Penetration...
Why do so many organizations use SAP software? Because it gives them powerful access to their data and mission-critical processes.
Unfortunately, that’s also why SAP is such a choice target for cyberattack.
If your organization uses SAP software for...
In 2013, cybersecurity challenges ranked in seventh place among the most important issues facing IT management.
Today, cybersecurity ranks as the first or second most important challenge facing IT leaders.
It’s no wonder. High-profile data breaches...
In June 2019, Bitcoin hackers penetrated the computer systems of the city government of Riviera Beach, Florida, installing ransomware that cost the city roughly $600,000 to remediate by paying a ransom. In that same year, the government offices of...
If your web-based SAP application gets attacked today, the attack vector will likely be a cross-site scripting (XSS) attack.
Cross-site scripting attacks remain the most common form of web attack against SAP applications, and the pace of attacks is...
Infected. Unprepared. Unprecedented.
These are the words that experts are using when discussing the coronavirus—but while medical experts use those terms in reference to human health, cybersecurity experts are having similar discussions about SAP...
Migrating your SAP systems to the cloud offers many operational and financial benefits. SAP migration to the cloud reduces your hardware costs, makes backup and disaster recovery more robust, and improves availability, reliability and scalability.
A...
Editor's Note: We recently updated this previously published post with new insights. Enjoy!
Want to protect your SAP applications against file-based attacks? Use MIME-Type checks.
One way that cyber attackers attempt to compromise SAP systems is by...
While SAP helps businesses operate more efficiently through streamlined business processes, its complexity means it presents a significant attack surface for hackers.
Since businesses use SAP for managing their most sensitive business processes, it...
We’ve said it before: Keeping SAP security patches up to date is one of the most effective ways to prevent a successful cyberattack.
To make that task a bit easier, here is our quick summary of the Security Notes Update that SAP issued in January...
Cyberattacks are now heavily automated. Is the solution automated cybersecurity?
Hackers are launching fearsome new attacks against SAP systems across multiple industries using self-directed software tools and processes. Malicious actors are using...
Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion annually by 2021, making cybercrime more profitable than the global trade in all major illegal drugs combined.
Cybercriminals are turning to a multitude of new tactics...
A whopping 92% of malware is still delivered by email, according to Verizon’s Breach Investigations report.
The majority of these threats arrive in the form of phishing links. But a sizeable percentage still arrive as email attachments. And we’re...
More than two-thirds of ERP systems were breached in the last 24 months according to a 2019 survey conducted by IDC for Onapsis.
ERP Security: The Reality of Business Application Protection, the IDC survey of 430 IT decision makers, reveals that 64%...
One day back in 2013, a group of hackers—likely backed by China—booted up their computers and began breaking into USIS, a US federal contractor that conducted background checks for the US Department of Homeland Security. The hackers gained access by...
In April 2019, hackers uploaded a series of exploits targeting SAP business applications to a public forum.
These exploits, referred to as 10KBLAZE, leverage insecure default configurations that SAP has known about for a while and had corrected...
Cybersecurity talent shortages. Employees and vendors who think security policies are just a suggestion. A rapidly growing, AI-driven tsunami of threats.
The role of a Chief Information Security Officer is not exactly what we’d call relaxing.
To...
A whopping 90% of successful cyberattacks are caused by human error. Why? Because most organizations don’t have a healthy cybersecurity culture.
According to ISACA and the CMMI Institute in their 2018 Cybersecurity Culture Report, only 5% of...
In 2005, YouTube was unleashed upon the world, Hurricane Katrina battered the Louisiana coastline, and Tom Cruise jumped on Oprah’s couch.
During that year, bowbridge Software GmbH was founded.
Since then, the cybersecurity battle has become a world...
A whopping 96 percent of energy, oil, and gas industry professionals fear operational shutdowns and threats to their employees’ safety due to a digital attack, according to a 2018 Tripwire study.
Their fear is well-justified: 40 percent of...
It’s an understatement to say that your SAP system contains and controls your most mission-critical data and processes. Keeping your applications safe and secure, therefore, isn’t a one-person job: It requires a team of professionals, all performing...
SAP is your organization’s cardiovascular system. It allows mission-critical data to flow smoothly from application to application and from team to team, ensuring every limb of the company can function the way it needs to.
Protecting your SAP...
In the cybersecurity world, one thing is certain: As soon as security testing experts find a new way to penetrate defenses, you can guarantee that cybercriminals are making the same discovery.
A prime example of this phenomenon came to light at the...
The news these days on cybersecurity is often grim. High-profile data breaches affect millions of consumers, data sabotage threatens vital infrastructure and systems, and massive phishing schemes wreak havoc on personal privacy. Cybersecurity...
Whether they’re signing up for a gym membership or downloading a new app, it seems like people are perpetually being asked for their personal information. And while consumers may have varying levels of trust in the organizations making the requests,...
As 2018 drew to a close, another high-profile data hack hit the news: This time, the victim was hospitality giant Marriott. The breach was initially thought to have affected up to 500 million people, with their personal data — including millions of...
Information security professionals and CIOs are feeling the squeeze. Not only is the number of data breaches increasing all the time, but the number of available cybersecurity professionals is decreasing.
As a result, IS teams face a constant...
Managers tasked with SAP cybersecurity used to have a (slightly) easier time with threat management. The primary reason? Every SAP end user was contained within the company’s four walls. All endpoints were known, and the SAP system was a closed loop.
Keeping your SAP system safe from cyberattack takes time, effort, and manpower. Busy cybersecurity teams are no strangers to effort, but time and manpower? Those are in short supply nowadays.
Shorthanded and short-on-time teams are faced with...
Another year, another listing of the top 25 most popular passwords, with the top two spots being taken, yet again, by “123456” and “password.”
People are notoriously terrible at choosing secure passwords. That is why when biometric-based credentials...
During this time of year, it’s natural to look to the year ahead and predict what it will bring. Cybersecurity experts have been doing this for decades, analyzing trends and developments to estimate a forthcoming landscape and alerting organizations...
Quick: When you think of data breaches, what comes to mind?
If you’re like most people, you think of cyberattacks that target structured, secured databases. These cyberattackers steal reams of sensitive data, often selling the data to the highest...
It may be hard to believe, but six months have passed since the GDPR deadline. During that time, companies (including bowbridge) contacted their lists, seeking active consent to continue sending them information. GDPR opt-in emails were so...
“I have read and understood the company’s IT policy.”
Employees check the box, but are they adhering to the policy? The evidence suggests otherwise: In a survey of IT professionals, employees leaving laptops and phones unsecured in vulnerable places...
Our friends at Cybersecurity Insiders recently released their 2018 Application Security Report, which contains some eyebrow-raising results. For example, only 62 percent of respondents feel (at best) moderately confident in their organization’s...
Passwords are out, prints are in.
Biometric security features have been added to door locks, banking applications, smart phones and beyond. Instead of memorizing pin numbers, authenticating our identity is now as simple as looking into a camera or...
The enemy is coming … and the white hats are outnumbered.
It’s predicted there will be a worldwide shortage of cybersecurity professionals—2 million of them, to be precise—by 2019. Should someone from your own cybersecurity team leave your company...
The internet has come a long way since the days of screeching dial-up modems. We’ve become used to quick and reliable internet access from our computers and smartphones.
The new frontier? Connected appliances, vehicles, equipment, and more. The...
On July 25th, the world received some startling news: The US Department of Homeland Security had issued an alert about ERP systems (specifically, SAP and Oracle) being targeted by nation-state attackers, cybercriminals, and hacktivist groups.
This...
Whether a company is looking at customers, suppliers, production, or finances, it’s looking at data. And SAP is one of the most widely used platforms for companies to manage their data and perform the multiple tasks that keep a business running.
So,...
Supply chains keep an organization operating at full pace … or they can stop a company in its tracks. Without a well-run supply chain, a company can’t produce their product, maintain their equipment, or even manage day-to-day operations.
Today’s...
It’s no surprise that SAP is one of the most widely used business platforms in the world, considering how wide-ranging and versatile it is.
And as a responsible company, SAP works hard to push out patches, called “security notes” in SAP-speak on a...
Our world is getting increasingly mobile. Our socializing, our banking, our dating, our bitter family arguments about politics … more and more, it’s all taking place on our mobile devices.
Business is no different. Increasingly, company employees...
Cybercriminals are always looking for ways to get through a company’s cybersecurity defenses. And in 2017, Human Resources departments became a prominent victim.
A Petya ransomware variant named “GoldenEye” targeted HR departments, by way of...
Processes and data: These are two things the average government agency has in abundance. And after decades of distributing massive procedural binders and struggling with file and document management, many government departments have found themselves...
Cyberattacks are changing. Previously, a common goal among cyberattackers was to pull off a large-scale attack that would either result in a massive theft or a complete shutdown of the target’s systems. Big and splashy, these attacks would make news...
Essen Systemhaus (ESH) is the central IT and telephone service provider for the City of Essen in the western region of Germany. Essen, the ninth-largest city in Germany houses a population of almost 600,000, making Essen Systemhaus’s work of...
Anybody who has ever visited a web page has likely been redirected at some point, such as when older links get redirected to updated ones or visiting a “My Account” page redirects to the login page. Even on apps, this is common: When logging into a...
Phoenix Contact, headquartered in Blomberg, Germany, is the world leader in electrical connection technology. Their passion drives them to deliver the most innovative, highest quality connection technology that helps clients in industries such as...
The prevalence of cybersecurity breaches in the news has attracted a lot of notice, even from people who aren’t normally tasked with keeping their finger on the pulse of the cybersecurity world. Indeed, high-profile and costly cyberattacks have...
2017 opened everybody’s eyes to the rising threat of cyberattacks. Between the WannaCry ransomware attack and the massive Equifax data breach, companies around the globe realized that when it comes to cybersecurity, the status quo is no longer an...
ERP security has long been focused on operational issues, such as permissions and segregation of duties. That may no longer be enough to keep organizations safe.
2017 was filled with headlines about major data breaches and cyberattacks, and it’s...
Companies around the globe choose SAP to streamline and standardize their everyday activities like workflows, purchasing, and staffing, saving an enormous amount of time and effort.
However, SAP is also a preferred target for cyberattacks.
And one...
For decades, businesses and individuals have turned to Microsoft Office to create documents, spreadsheets, databases, and more. And as new cybersecurity threats have arisen, Microsoft has issued updates and patches to address those threats.
We’ve all encountered instances of a malware attack on a friend’s or relative’s home computer — or even on our own. Personal cybersecurity breaches can be inconvenient and distressing, especially if they result in frustrating identity theft or...
October is cybersecurity awareness month. We look at Equifax’s cybersecurity nightmare and how your SAP system may put you at similar risk.
It has been only about a month since Equifax went public with news of a security breach that affected over...
Staying on top of SAP cybersecurity requires unceasing vigilance. This year’s SAPinsider Events offer an excellent opportunity to learn the latest news on the industry’s biggest threats and smartest best practices.
October is Cybersecurity Awareness Month. We take a look at the explosive growth of cybercrime as a service and how it puts your SAP system at risk.
We live in an age where we can outsource just about anything. From virtual assistants to lawn care...
Technology security professionals see a staggering variety of cyberattacks and are constantly on guard for new threats on the horizon. But even the most weathered IT pro feels a rise in blood pressure when they hear this phrase: cross-site scripting.
SAP recently issued a security note addressing a vulnerability in the SAP E-Recruiting application:
“When a user registers to the e-recruiting application, he/she receives a link by email to confirm access to the provided email address. However,...
Many businesses rely on SAP CRM (Customer Relationship Management) and SRM (Supplier Relationship Management) applications to manage workflows, standardize processes and centralize data. But, while these applications are eminently useful, they might...
Considering how SAP systems are often interlinked with critical financial data, human resources records, and even vital infrastructure, a cyberattack could be devastating.
Sharing files is a common part of any company’s day. Documents are shared between departments, invoices are sent from suppliers, and resumes are sent from candidates. Departments such as Accounts Receivable, HR, Procurement, and more all handle...
Directory traversals are one of the most common SAP cybersecurity attacks, accounting for 20% of the security notes published by SAP. In these attacks, cybercriminals gain unwanted access to sensitive files or system directories, potentially...
External cybersecurity threats pose a very real risk to SAP systems of all sizes. One of the most common vehicles for hackers is the injection attack – both SQL injections and OS command injections. Preventing these attacks requires proactive...
If you’re a manager tasked with SAP security, it’s likely that you spend a significant amount of time focused on internal and process-based security threats. However, you may be unaware of the external cybersecurity threats that can put your...
In years past, corporate IT departments exerted complete control over who used their SAP applications. Any endpoint that accessed SAP was known and secured. As a result, managers tasked with SAP security were concerned about internal business- and...
Many users safely employ macros to streamline repetitive processes. Unfortunately, many cybercriminals also use macros to hide malicious code in an attempt to steal information or money.
After several quiet years, macro malware is experiencing a...
In late November 2016, the low-tech ransomware program “Locky” began spreading via scalable vector graphics (SVG) images sent through Facebook Messenger.