There are no small mistakes: every mistake in cybersecurity is potentially catastrophic.
Several oversights that have quietly grown into some of the most significant cybersecurity missteps can be found within SAP software configurations. They include underestimating security risks, being overconfident that native SAP security is good enough, and assuming that prior patches are all that is needed to keep the system hardened well into the future.
Despite SAP software housing some of the most sensitive company data imaginable, SAP-specific cybersecurity is a lower priority at an alarming percentage of organizations.
The fact is that SAP dramatically increases the attack surface a company must safeguard, so it follows that additional security measures should be applied.
Mistakenly, organizations believe that out-of-the-box SAP security is good enough, redirecting the vast majority of the cybersecurity budget to other systems.
If companies ignore that they are exposing their enormous SAP data trove, it's only a matter of time before a breach happens.
To close these security gaps, companies must consider SAP as core to every cybersecurity initiative.
When organizations regularly install patches to keep their software landscape current, they often push off many SAP patches to be handled later.
In other words, SAP cybersecurity is considered last among other core IT operations.
When such an essential data source, like an SAP system, goes improperly guarded for that long, it's only a matter of time before a hacker discovers this weakness.
Simply put, SAP cybersecurity needs to be established as an ongoing process across all IT departments and be well-staffed.
Sure, every department head loves to argue that they could use more staffing, but remember that SAP cybersecurity is often at the core of many companies.
Suppose you aren't putting the people and the funding into SAP cybersecurity.
Cybersecurity is not solely infrastructure security; complex business applications like SAP that run on top of the infrastructure bring vulnerabilities to the IT risk scenario.
As previously mentioned, SAP's out-of-the-box security does not provide adequate protection.
SAP system landscapes have their own architecture, which requires unique solutions and tactics to protect them.
Organizations aware of the potential SAP risk can find a fix through third-party solutions that can utilize automation, establish baselines, and harden the framework to shrink attack surfaces, rather than performing much of this work manually.
About the author: Christoph Nagy has 20 years of working experience within the SAP industry.
He has utilized this knowledge as a founding member and CEO at SecurityBridge, a global SAP security provider serving many of the world's leading brands and now operating in the U.S. Through his efforts, the SecurityBridge Platform for SAP has become renowned as a strategic security solution for automated analysis of SAP security settings and detection of cyber-attacks in real time.
Prior to SecurityBridge, Nagy applied his skills as an SAP technology consultant at Adidas and Audi.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Mon, 11 Dec 2023 14:58:05 +0000