bowbridge SAP Cybersecurity Blog

bowbridge SAP Cybersecurity Blog

What Are the Risks of Artificial Intelligence in Cybersecurity and to your SAP System?

Aug 21, '23 by Joerg Schneider-Simon

Ransomware continues to be one of the top varieties of malicious software. And it’s wreaking havoc, grinding company operations to a halt as the ransomware renders mission-critical data and systems inaccessible, while also exposing companies to huge...


Jun 14, '23 by Joerg Schneider-Simon

Hackers have been quick to notice that many SAP applications, servers, and databases that were once hidden behind corporate firewalls are now exposed to the web, making them prime targets for attacks.

One common denominator in this push to the web...

Cyber Insecurity Ranks Eighth Place in WEF Global Risks Report 2023

Apr 25, '23 by Joerg Schneider-Simon

The world faces a set of risks that feel both wholly new and eerily familiar. The Global Risks Report 2023, published by the World Economic Forum (WEF), explores some of the most severe risks we face over the next decade.

As you can see from the...

7 Ways to Improve SAP S4/HANA Security With Virus Scanning

Feb 28, '23 by Joerg Schneider-Simon

Talk to your average hacker, and they’ll tell you they prefer to target networks and applications that host mission-critical data.

The more valuable the data, the more attractive the target.

This is why plenty of cybercriminals have their sights set...

SAP Security Solutions for the Retail Industry

Feb 13, '23 by Joerg Schneider-Simon

Retailers face multiple (and growing) challenges in a highly competitive marketplace. To meet these challenges, many retailers turn to SAP to transform the customer experience across every channel while improving sustainability across the entire...

Understand SAP’s File Transfer Security Gap

Dec 15, '22 by Joerg Schneider-Simon

Hackers know there is an open door into SAP. They exploit users and the application layer by introducing malicious files. This attack vector is in the application’s critical path, as attaching supporting documents to transactions is a common...

No Malware Protection Guarantee

Apr 20, '22 by Joerg Schneider-Simon

If Benjamin Franklin were alive today, he would likely expand his famous aphorism to say: “There are only three certainties in life—death and taxes—and malware.”

Malware is a certainty in life and business because there is no way to protect your...


Apr 12, '22 by Joerg Schneider-Simon

This post is the second in our two-part series on how to protect your SAP systems against file-based attacks. Read the first post: SAP Security for Beginners: How to Safely Upload Files into Your SAP System.

Malware in file uploads wreaks havoc on...


Mar 16, '22 by Joerg Schneider-Simon

File uploads are a necessary part of doing business, particularly these days when so many employees are working remotely.

And SAP is no different. SAP applications used to manage suppliers, procurement, recruiting, finances, and dozens of other...


Mar 9, '22 by Joerg Schneider-Simon

It’s smart for IT leaders to stay updated on virus protection best practices.

But just as most anti-virus solutions fail to protect SAP, many lists of virus protection best practices completely neglect SAP cybersecurity, even though SAP software...


Nov 23, '21 by Joerg Schneider-Simon

Know what’s worse than discovering that your network has been breached by hackers?

Not discovering it.

When it comes to ensuring SAP security, even veteran cybersecurity professionals may operate in reactive mode. Instead of getting out ahead of...


Sep 9, '21 by Joerg Schneider-Simon

If your organization runs any SAP applications, you likely have a problem with malware...and malware detection.

Why? Because most enterprise anti-virus software doesn’t protect SAP applications against malware.

If you need malware detection for SAP...


Jul 14, '21 by Joerg Schneider-Simon

Your ERP (enterprise resource planning) system collects, stores and distributes your most sensitive employee, customer, supplier and financial data.

That’s why ERP systems are popular targets for criminal hackers, malevolent nation states and...


Jul 7, '21 by Joerg Schneider-Simon

Is your enterprise-grade anti-virus software protecting your SAP systems?


Is it leaving your business exposed and vulnerable to the latest viruses, whether GoBrut, Jokeroo, Trojan Glupteba, ILOVEYOU or something else?




Jun 3, '21 by Joerg Schneider-Simon

Is your organization fully covered with your current anti-virus solution?

You may think so, but if you are using SAP, you may not be as safe as you think.

Traditional anti-virus solutions do not protect SAP systems—so file uploads into SAP...


May 25, '21 by Joerg Schneider-Simon

Keeping data, processes, and people safe while in the cloud is something businesses often overlook until something goes wrong.

According to a study by Onapsis and ASUG on "Digital Transformation and Security," 57% of businesses have almost completed...


Apr 15, '21 by Joerg Schneider-Simon

Forgive us for asking, but on a scale from 1 to 10, how mature is your SAP security, exactly?

Not sure? That’s understandable. After all, a global cybersecurity standard for SAP systems doesn’t exist. Countries follow their own guidelines. Audit...


Mar 16, '21 by Joerg Schneider-Simon

Cybercriminals have never seen a weakness they didn’t like. If a trend in ecommerce, a shift in consumer buying habits or a shift in technology makes retailers more vulnerable, cybercriminals are the first to discover these vulnerabilities—and...


Mar 3, '21 by Joerg Schneider-Simon

In December 2020, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that a suspected Russian hack "poses a grave risk to the federal government." The agency added that "state, local, tribal, and territorial governments as well...


Feb 9, '21 by Joerg Schneider-Simon

Cyberattacks and malware threats are becoming more sophisticated by the day, including attacks that target SAP E-Recruiting systems.

In August 2020, the United States Cybersecurity and Infrastructure Security Agency (CISA) published a Malware...


Feb 2, '21 by Joerg Schneider-Simon

“My business is too small – cyberattackers won’t even have me on their radar.”

“We’re big, but we have a great team monitoring our cybersecurity, so we’ll be fine.”

Whether your business is big or small, you should always suspect that a cyberattack...


Jan 14, '21 by Joerg Schneider-Simon

In July 2020, Onapsis disclosed a vulnerability that affects the SAP NetWeaver Application Server and therefore a large number of SAP applications.

Labeled as HotNews SAP Note #2934135 (CVE-2020-6287) in the July 2020 SAP Security Notes, this...


Dec 10, '20 by Joerg Schneider-Simon

Is your organization like the staggering 66% of organizations that are vulnerable to cyberattacks on their SAP applications?

According to a recent Ponemon Institute study, “Only 34% of respondents say they have full visibility into the security of...


Nov 19, '20 by Joerg Schneider-Simon

SAP cybersecurity professionals are in high demand. Really high demand. Ridiculously high demand.

As we noted back in 2018, there is a major shortage of cybersecurity professionals. So, if you’re an aspiring SAP cybersecurity professional, the best...


Oct 14, '20 by Joerg Schneider-Simon

Are your web-facing SAP applications vulnerable to total compromise by a remote, unauthenticated attacker?

They may be less secure than you think: As it turns out, a recently identified SAP vulnerability can be accessed via internet-facing...


Oct 7, '20 by Joerg Schneider-Simon

If you’re wondering about the cost of an SAP cybersecurity data breach, there’s a short answer and a long answer.

The short answer is simple, and comes from SAP itself: The average cost of SAP security breaches is $5 million. But, adds SAP, the...


Sep 30, '20 by Joerg Schneider-Simon

Security professionals who monitor cybersecurity threats have noticed an irony when it comes to the coronavirus.

In areas with high infection rates, school districts, colleges and universities are—quite sensibly—requiring students to stay away from...


Sep 2, '20 by Joerg Schneider-Simon

When is the last time you invited a stranger to attack your network and penetrate your SAP applications?

This is not a trick question.

If you care about the security of your SAP applications, you should care about penetration testing. Penetration...


Aug 19, '20 by Joerg Schneider-Simon

Why do so many organizations use SAP software? Because it gives them powerful access to their data and mission-critical processes.

Unfortunately, that’s also why SAP is such a choice target for cyberattack.

If your organization uses SAP software for...


Aug 13, '20 by Joerg Schneider-Simon

In 2013, cybersecurity challenges ranked in seventh place among the most important issues facing IT management.

Today, cybersecurity ranks as the first or second most important challenge facing IT leaders.

It’s no wonder. High-profile data breaches...


May 20, '20 by Joerg Schneider-Simon

In June 2019, Bitcoin hackers penetrated the computer systems of the city government of Riviera Beach, Florida, installing ransomware that cost the city roughly $600,000 to remediate by paying a ransom. In that same year, the government offices of...


May 13, '20 by Joerg Schneider-Simon

If your web-based SAP application gets attacked today, the attack vector will likely be a cross-site scripting (XSS) attack.

Cross-site scripting attacks remain the most common form of web attack against SAP applications, and the pace of attacks is...


May 6, '20 by Joerg Schneider-Simon

Infected. Unprepared. Unprecedented.

These are the words that experts are using when discussing the coronavirus—but while medical experts use those terms in reference to human health, cybersecurity experts are having similar discussions about SAP...


Apr 22, '20 by Joerg Schneider-Simon

Migrating your SAP systems to the cloud offers many operational and financial benefits. SAP migration to the cloud reduces your hardware costs, makes backup and disaster recovery more robust, and improves availability, reliability and scalability.



Apr 14, '20 by Joerg Schneider-Simon

Editor's Note: We recently updated this previously published post with new insights. Enjoy!

Want to protect your SAP applications against file-based attacks? Use MIME-Type checks.

One way that cyber attackers attempt to compromise SAP systems is by...


Mar 3, '20 by Joerg Schneider-Simon

While SAP helps businesses operate more efficiently through streamlined business processes, its complexity means it presents a significant attack surface for hackers.

Since businesses use SAP for managing their most sensitive business processes, it...


Feb 12, '20 by Joerg Schneider-Simon

We’ve said it before: Keeping SAP security patches up to date is one of the most effective ways to prevent a successful cyberattack.

To make that task a bit easier, here is our quick summary of the Security Notes Update that SAP issued in January...


Jan 30, '20 by Joerg Schneider-Simon

Cyberattacks are now heavily automated. Is the solution automated cybersecurity?

Hackers are launching fearsome new attacks against SAP systems across multiple industries using self-directed software tools and processes. Malicious actors are using...

Beyond Phishing: Smishing, Vishing and Other Emerging Cybersecurity Threats

Jan 21, '20 by Joerg Schneider-Simon

Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion annually by 2021, making cybercrime more profitable than the global trade in all major illegal drugs combined.

Cybercriminals are turning to a multitude of new tactics...


Jan 2, '20 by Joerg Schneider-Simon

A whopping 92% of malware is still delivered by email, according to Verizon’s Breach Investigations report.

The majority of these threats arrive in the form of phishing links. But a sizeable percentage still arrive as email attachments. And we’re...


Dec 9, '19 by Joerg Schneider-Simon

More than two-thirds of ERP systems were breached in the last 24 months according to a 2019 survey conducted by IDC for Onapsis.

ERP Security: The Reality of Business Application Protection, the IDC survey of 430 IT decision makers, reveals that 64%...


Nov 7, '19 by Joerg Schneider-Simon

One day back in 2013, a group of hackers—likely backed by China—booted up their computers and began breaking into USIS, a US federal contractor that conducted background checks for the US Department of Homeland Security. The hackers gained access by...


Sep 30, '19 by Joerg Schneider-Simon

In April 2019, hackers uploaded a series of exploits targeting SAP business applications to a public forum.

These exploits, referred to as 10KBLAZE, leverage insecure default configurations that SAP has known about for a while and had corrected...


Sep 24, '19 by Joerg Schneider-Simon

Cybersecurity talent shortages. Employees and vendors who think security policies are just a suggestion. A rapidly growing, AI-driven tsunami of threats.

The role of a Chief Information Security Officer is not exactly what we’d call relaxing.



Sep 19, '19 by Joerg Schneider-Simon

A whopping 90% of successful cyberattacks are caused by human error. Why? Because most organizations don’t have a healthy cybersecurity culture.

According to ISACA and the CMMI Institute in their 2018 Cybersecurity Culture Report, only 5% of...


Aug 22, '19 by Krista Elliott

In 2005, YouTube was unleashed upon the world, Hurricane Katrina battered the Louisiana coastline, and Tom Cruise jumped on Oprah’s couch.

During that year, bowbridge Software GmbH was founded.

Since then, the cybersecurity battle has become a world...


Aug 12, '19 by Joerg Schneider-Simon

A whopping 96 percent of energy, oil, and gas industry professionals fear operational shutdowns and threats to their employees’ safety due to a digital attack, according to a 2018 Tripwire study.

Their fear is well-justified: 40 percent of...


Jul 31, '19 by Joerg Schneider-Simon

It’s an understatement to say that your SAP system contains and controls your most mission-critical data and processes. Keeping your applications safe and secure, therefore, isn’t a one-person job: It requires a team of professionals, all performing...


Jul 12, '19 by Joerg Schneider-Simon

SAP is your organization’s cardiovascular system. It allows mission-critical data to flow smoothly from application to application and from team to team, ensuring every limb of the company can function the way it needs to.

Protecting your SAP...


Jun 18, '19 by Joerg Schneider-Simon

In the cybersecurity world, one thing is certain: As soon as security testing experts find a new way to penetrate defenses, you can guarantee that cybercriminals are making the same discovery.

A prime example of this phenomenon came to light at the...


May 21, '19 by Joerg Schneider-Simon

The news these days on cybersecurity is often grim. High-profile data breaches affect millions of consumers, data sabotage threatens vital infrastructure and systems, and massive phishing schemes wreak havoc on personal privacy. Cybersecurity...


May 2, '19 by Joerg Schneider-Simon

Whether they’re signing up for a gym membership or downloading a new app, it seems like people are perpetually being asked for their personal information. And while consumers may have varying levels of trust in the organizations making the requests,...


Apr 11, '19 by Joerg Schneider-Simon

As 2018 drew to a close, another high-profile data hack hit the news: This time, the victim was hospitality giant Marriott. The breach was initially thought to have affected up to 500 million people, with their personal data — including millions of...


Mar 26, '19 by Joerg Schneider-Simon

Information security professionals and CIOs are feeling the squeeze. Not only is the number of data breaches increasing all the time, but the number of available cybersecurity professionals is decreasing.

As a result, IS teams face a constant...


Mar 12, '19 by Joerg Schneider-Simon

Managers tasked with SAP cybersecurity used to have a (slightly) easier time with threat management. The primary reason? Every SAP end user was contained within the company’s four walls. All endpoints were known, and the SAP system was a closed loop.


Feb 25, '19 by Joerg Schneider-Simon

Keeping your SAP system safe from cyberattack takes time, effort, and manpower. Busy cybersecurity teams are no strangers to effort, but time and manpower? Those are in short supply nowadays.

Shorthanded and short-on-time teams are faced with...


Jan 31, '19 by Joerg Schneider-Simon

Another year, another listing of the top 25 most popular passwords, with the top two spots being taken, yet again, by “123456” and “password.”

People are notoriously terrible at choosing secure passwords. That is why when biometric-based credentials...


Jan 17, '19 by Joerg Schneider-Simon

During this time of year, it’s natural to look to the year ahead and predict what it will bring. Cybersecurity experts have been doing this for decades, analyzing trends and developments to estimate a forthcoming landscape and alerting organizations...


Dec 17, '18 by Joerg Schneider-Simon

Quick: When you think of data breaches, what comes to mind?

If you’re like most people, you think of cyberattacks that target structured, secured databases. These cyberattackers steal reams of sensitive data, often selling the data to the highest...


Nov 26, '18 by Joerg Schneider-Simon

It may be hard to believe, but six months have passed since the GDPR deadline. During that time, companies (including bowbridge) contacted their lists, seeking active consent to continue sending them information. GDPR opt-in emails were so...


Nov 14, '18 by Joerg Schneider-Simon

“I have read and understood the company’s IT policy.”

Employees check the box, but are they adhering to the policy? The evidence suggests otherwise: In a survey of IT professionals, employees leaving laptops and phones unsecured in vulnerable places...


Nov 1, '18 by Joerg Schneider-Simon

Our friends at Cybersecurity Insiders recently released their 2018 Application Security Report, which contains some eyebrow-raising results. For example, only 62 percent of respondents feel (at best) moderately confident in their organization’s...


Oct 26, '18 by Joerg Schneider-Simon

Passwords are out, prints are in.

Biometric security features have been added to door locks, banking applications, smart phones and beyond. Instead of memorizing pin numbers, authenticating our identity is now as simple as looking into a camera or...


Sep 27, '18 by Joerg Schneider-Simon

The enemy is coming … and the white hats are outnumbered.

It’s predicted there will be a worldwide shortage of cybersecurity professionals—2 million of them, to be precise—by 2019. Should someone from your own cybersecurity team leave your company...


Aug 21, '18 by Joerg Schneider-Simon

The internet has come a long way since the days of screeching dial-up modems. We’ve become used to quick and reliable internet access from our computers and smartphones.

The new frontier? Connected appliances, vehicles, equipment, and more. The...


Aug 9, '18 by Joerg Schneider-Simon

On July 25th, the world received some startling news: The US Department of Homeland Security had issued an alert about ERP systems (specifically, SAP and Oracle) being targeted by nation-state attackers, cybercriminals, and hacktivist groups.



Jul 19, '18 by Joerg Schneider-Simon

Whether a company is looking at customers, suppliers, production, or finances, it’s looking at data. And SAP is one of the most widely used platforms for companies to manage their data and perform the multiple tasks that keep a business running.



Jul 10, '18 by Joerg Schneider-Simon

Supply chains keep an organization operating at full pace … or they can stop a company in its tracks. Without a well-run supply chain, a company can’t produce their product, maintain their equipment, or even manage day-to-day operations.



Jun 28, '18 by Joerg Schneider-Simon

It’s no surprise that SAP is one of the most widely used business platforms in the world, considering how wide-ranging and versatile it is.

And as a responsible company, SAP works hard to push out patches, called “security notes” in SAP-speak on a...


Jun 21, '18 by Joerg Schneider-Simon

Our world is getting increasingly mobile. Our socializing, our banking, our dating, our bitter family arguments about politics … more and more, it’s all taking place on our mobile devices.

Business is no different. Increasingly, company employees...


Jun 7, '18 by Joerg Schneider-Simon

Cybercriminals are always looking for ways to get through a company’s cybersecurity defenses. And in 2017, Human Resources departments became a prominent victim.

A Petya ransomware variant named “GoldenEye” targeted HR departments, by way of...


May 17, '18 by Joerg Schneider-Simon

Processes and data: These are two things the average government agency has in abundance. And after decades of distributing massive procedural binders and struggling with file and document management, many government departments have found themselves...


May 2, '18 by Joerg Schneider-Simon

Cyberattacks are changing. Previously, a common goal among cyberattackers was to pull off a large-scale attack that would either result in a massive theft or a complete shutdown of the target’s systems. Big and splashy, these attacks would make news...


Apr 17, '18 by Joerg Schneider-Simon

Essen Systemhaus (ESH) is the central IT and telephone service provider for the City of Essen in the western region of Germany. Essen, the ninth-largest city in Germany houses a population of almost 600,000, making Essen Systemhaus’s work of...


Apr 4, '18 by Joerg Schneider-Simon

Anybody who has ever visited a web page has likely been redirected at some point, such as when older links get redirected to updated ones or visiting a “My Account” page redirects to the login page. Even on apps, this is common: When logging into a...


Mar 22, '18 by Joerg Schneider-Simon

Phoenix Contact, headquartered in Blomberg, Germany, is the world leader in electrical connection technology. Their passion drives them to deliver the most innovative, highest quality connection technology that helps clients in industries such as...


Feb 27, '18 by Joerg Schneider-Simon

The prevalence of cybersecurity breaches in the news has attracted a lot of notice, even from people who aren’t normally tasked with keeping their finger on the pulse of the cybersecurity world. Indeed, high-profile and costly cyberattacks have...


Feb 9, '18 by Joerg Schneider-Simon

2017 opened everybody’s eyes to the rising threat of cyberattacks. Between the WannaCry ransomware attack and the massive Equifax data breach, companies around the globe realized that when it comes to cybersecurity, the status quo is no longer an...


Jan 25, '18 by Joerg Schneider-Simon

ERP security has long been focused on operational issues, such as permissions and segregation of duties. That may no longer be enough to keep organizations safe.

2017 was filled with headlines about major data breaches and cyberattacks, and it’s...


Dec 20, '17 by Joerg Schneider-Simon

Companies around the globe choose SAP to streamline and standardize their everyday activities like workflows, purchasing, and staffing, saving an enormous amount of time and effort.

However, SAP is also a preferred target for cyberattacks.

And one...


Dec 12, '17 by Joerg Schneider-Simon

For decades, businesses and individuals have turned to Microsoft Office to create documents, spreadsheets, databases, and more. And as new cybersecurity threats have arisen, Microsoft has issued updates and patches to address those threats.


Nov 13, '17 by Joerg Schneider-Simon

We’ve all encountered instances of a malware attack on a friend’s or relative’s home computer — or even on our own. Personal cybersecurity breaches can be inconvenient and distressing, especially if they result in frustrating identity theft or...


Oct 30, '17 by Joerg Schneider-Simon

October is cybersecurity awareness month. We look at Equifax’s cybersecurity nightmare and how your SAP system may put you at similar risk.

It has been only about a month since Equifax went public with news of a security breach that affected over...


Oct 19, '17 by Joerg Schneider-Simon

Staying on top of SAP cybersecurity requires unceasing vigilance. This year’s SAPinsider Events offer an excellent opportunity to learn the latest news on the industry’s biggest threats and smartest best practices.


Oct 17, '17 by Joerg Schneider-Simon

October is Cybersecurity Awareness Month. We take a look at the explosive growth of cybercrime as a service and how it puts your SAP system at risk.

We live in an age where we can outsource just about anything. From virtual assistants to lawn care...


Oct 11, '17 by Joerg Schneider-Simon

Technology security professionals see a staggering variety of cyberattacks and are constantly on guard for new threats on the horizon. But even the most weathered IT pro feels a rise in blood pressure when they hear this phrase: cross-site scripting.


Sep 21, '17 by Joerg Schneider-Simon

SAP recently issued a security note addressing a vulnerability in the SAP E-Recruiting application:

“When a user registers to the e-recruiting application, he/she receives a link by email to confirm access to the provided email address. However,...


Aug 29, '17 by Joerg Schneider-Simon

Many businesses rely on SAP CRM (Customer Relationship Management) and SRM (Supplier Relationship Management) applications to manage workflows, standardize processes and centralize data. But, while these applications are eminently useful, they might...


Jul 19, '17 by Joerg Schneider-Simon

Considering how SAP systems are often interlinked with critical financial data, human resources records, and even vital infrastructure, a cyberattack could be devastating.


Jul 12, '17 by Joerg Schneider-Simon

Sharing files is a common part of any company’s day. Documents are shared between departments, invoices are sent from suppliers, and resumes are sent from candidates. Departments such as Accounts Receivable, HR, Procurement, and more all handle...


May 9, '17 by Joerg Schneider-Simon

Directory traversals are one of the most common SAP cybersecurity attacks, accounting for 20% of the security notes published by SAP. In these attacks, cybercriminals gain unwanted access to sensitive files or system directories, potentially...


Apr 13, '17 by Joerg Schneider-Simon

External cybersecurity threats pose a very real risk to SAP systems of all sizes. One of the most common vehicles for hackers is the injection attack – both SQL injections and OS command injections. Preventing these attacks requires proactive...


Mar 15, '17 by Joerg Schneider-Simon

If you’re a manager tasked with SAP security, it’s likely that you spend a significant amount of time focused on internal and process-based security threats. However, you may be unaware of the external cybersecurity threats that can put your...


Feb 21, '17 by Joerg Schneider-Simon

In years past, corporate IT departments exerted complete control over who used their SAP applications. Any endpoint that accessed SAP was known and secured. As a result, managers tasked with SAP security were concerned about internal business- and...


Jan 25, '17 by Joerg Schneider-Simon

Many users safely employ macros to streamline repetitive processes. Unfortunately, many cybercriminals also use macros to hide malicious code in an attempt to steal information or money.

After several quiet years, macro malware is experiencing a...


Jan 3, '17 by Joerg Schneider-Simon

In late November 2016, the low-tech ransomware program “Locky” began spreading via scalable vector graphics (SVG) images sent through Facebook Messenger.