How PDF Files Can Endanger Your SAP Cybersecurity
Dec 20, '17 by Joerg Schneider-Simon
Companies around the globe choose SAP to streamline and standardize their everyday activities like workflows, purchasing, and staffing, saving an enormous amount of time and effort.
However, SAP is also a preferred target for cyberattacks.
And one of the main vehicles? The innocuous-looking PDF file.
Cyberattacks transmitted through SAP have the potential to inflict massive amounts of damage. In one cautionary case, the firm USIS ended up filing for bankruptcy after they lost a $2 billion contract. Why? Because a cyberattacker infiltrated one of their SAP applications and stole private background check information about government personnel with classified clearance.
Not something that any IT or SAP professional wants to have happen on their watch.
To know how to stop it, you first need to know how it happens.
How Malware Hides in PDF Files
What About Anti-Virus?
A robust anti-malware system does an excellent job of blocking damaging viruses and malware from getting into your everyday operating systems.
But SAP is different.
The problem is that because of the way file upload and storage works in SAP, traditional anti-malware programs aren’t as effective. For example, files that are uploaded to SAP E-Recruiting are stored in SAP’s database, not on the drives where the rest of your company’s files and programs are stored. Anti-virus software can’t look inside SAP’s database, so there’s no way to scan and detect malware. And that perfect-looking resume could sit in the database, full of malware, just waiting for its moment to shine.
SAP’s developers are well aware of its security vulnerabilities. So, they introduced the Virus Scan Interface in 2004. This interface is a port where anti-malware programs can attach to it and provide that extra security. However, traditional anti-virus software is not compatible with this interface.
Fortunately, there are some SAP-specific solution providers out there, bowbridge being one of them. By using anti-virus and application security solutions made specifically to work around SAP’s unusual structure, your team can eliminate the ugly threats hidden not only in PDF files but in any content uploads.
Want to learn more about how to protect your SAP system from malware hidden in PDF files? Watch our webinar, The Enemy Within: SAP Security Threats Hidden in PDF Uploads