Nearly 95% of SAP Systems Vulnerable to Hackers


SAP-Systems-Hackers

More than 95 percent of enterprise SAP installations exposed to high-severity vulnerabilities that could allow attackers to hijack a company’s business data and processes, new research claims entirely.

According to a new assessment released by SAP (short for Systems, Applications & Products) solutions provider Onapsis, the majority of cyber attacks against SAP applications in the enterprise are:
Pivots – Pivoting from a low to high integrity systems in order to execute remote function modules.
Database Warehousing – Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases.
Portal Attacks – Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems.

More than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, are vulnerable for an average of 18 months period from when vulnerabilities surfaced.

“This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches,” Nunez says. “With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise.”

According to the research, SAP released 391 security patches last year and almost half of them were ranked as high priority.

The Attack Vectors:

Exploiting the vulnerabilities in SAP could result in sufficiently compromised business SAP systems, putting intellectual property, customer and supplier data, financial, credit card as well as database warehouse information at risk of getting stolen by hackers.

SAP HANA, according to Nunez, is responsible for a 450 percent increase in the number of new security patches.

“This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches,” Nunez says. “With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise.”

To prevent from hack:

Keep your SAP applications as secure as possible and in order to do that…
Businesses and companies should stay up-to-date with SAP Security Notes.
Continually monitor your networks for security and compliance issues.
Have both cyber security protection and risk management policies in the first place.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s