Cyber attacks are on the rise and won’t spare the IT systems of companies worldwide. But what about the security of SAP systems, the digital backbone of so many organizations? We get to the bottom of this important question.
Monday, July 8, 8:45 a.m.: Mr. Smith, the IT manager of a medium-sized company, is sitting in his darkened office. The only illumination comes from the numerous monitors lined up in front of him. His expression is serious and tense, his gaze wanders hurriedly from screen to screen. He is trying to understand the crisis scenario that is unfolding in front of him.
Countless alerts and error codes indicate that the ERP system, the heart of the food company, is out of control. The dashboard shows a jumble of unknown errors and disturbances; data flows are disrupted. Unknown IP addresses and unexpected network traffic patterns clearly indicate that someone has penetrated the system – a cyberattack is happening.
Cyber security at risk
The number of cyber attacks, such as the one described above, has been on the rise for years. According to the latest report from Bitkom, the German economy is experiencing an annual damage of around 203 billion euros due to data theft, espionage and sabotage. Of particular concern is the fact that companies and public authorities are not well prepared for such attacks. According to the German Federal Office for Information Security (BSI), more than 20,000 security vulnerabilities in software products (13% of them critical) were disclosed in 2021 – an increase of 10% over the previous year.
But what is it that cyber criminals try to achieve?
Financial Benefits
Some hackers target sensitive information, such as credit card information, bank data or access data to online banking accounts, which they can then sell. They also often use so-called ransomware, which restricts or prevents access to data and systems by encrypting user data, for example. The perpetrators then demand a ransom in order to decrypt the data.
Industrial espionage
Hackers attack companies to steal confidential information or trade secrets to sell them to competitors or other stakeholders.
Sabotage
Disrupting operations, manipulating and destroying data, or causing physical damage: Hackers use targeted attacks to sabotage IT, spread misinformation, or damage systems. The motives are manifold. However, criminals often aim to cause as much damage as possible.
Cybercrime is capable of causing existential damage and, in the case of attacks on administration and infrastructure, can even destabilize democratic states. The recent war in Ukraine impressively demonstrates how cyberattacks and disinformation are increasingly used in modern warfare.
Are SAP systems particularly at risk?
More than 444,000 companies worldwide work with SAP solutions. These systems, such as the ERP system SAP S/4HANA, are an attractive target for hackers. The reason: They often manage critical business processes and store sensitive information such as financial data, personnel information and customer information.
The security of SAP systems is particularly important because they build the digital backbone of companies. If central areas such as production or the supply chain are affected by attacks, damage can skyrocket to millions of euros.
In addition, there are specific aspects that make SAP systems particularly vulnerable to cyber attacks:
Complexity and inconsistent coding
Large SAP systems are highly complex and often strongly customized to the specific needs of a company. This complexity makes it difficult to identify and close all possible security gaps in time. In many cases, different developers are continuously working on different parts of the system.
A common problem in this regard: inconsistent, non-standardized code. This can cause vulnerabilities and errors in the security architecture of an SAP system, through which cybercriminals can gain unauthorized access.
If code is not properly validated or verified, it is much easier for hackers to inject malware into the system and severely damage it.
Outdated Security Measures
Many companies fail to keep their SAP systems up to date. There are many reasons for this: the expected costs are too high, or there is simply not enough trained personnel to take care of cyber security. This often leads to the fact that even well-known security gaps are left unfixed.
Poor authorization management
If authorizations in SAP systems are not carefully managed, users may be able to access information or perform actions without approval. In addition, inactive user accounts provide potential attackers with more opportunities to penetrate the system.
This is particularly critical if the Segregation of Duties (SoD) is not being applied properly. It determines that no person is allowed to have sole control over more than one critical function or task in a system or process. If segregation of duties is not enforced, individuals can perform fraudulent or harmful actions with almost no interruption.
What could Mr. Smith have done in advance to protect his company's SAP systems? We will answer this question in the next article.
