Protecting SAP Solutions from Cyber Threats with Onapsis

⇨ A recent research carried out by Onapsis in partnership with Flashpoint reveals a dramatic rise in cyber threats targeting SAP systems.

⇨ While ransomware incidents involving compromised SAP systems and data have surged by 400%, posts by the active threat community that incorporate SAP-specific cloud and web services have seen a 220% increase.

⇨ Patching systems continues to be a major challenge for many SAP customers as the demand for system availability needs to be balanced with scheduling downtime to apply patches and updates.

One of the biggest concerns for SAP customers is protecting the sensitive and confidential data in their SAP systems, according to recent SAPinsider research. Traditional security efforts in organizations have largely concentrated on managing appropriate access. However, a recent research by Onapsis reveals that threat actors are increasingly targeting SAP systems for financial gain and potential sabotage.

The research carried out by Onapsis in partnership with Flashpoint reveals a dramatic rise in cyber threats targeting SAP systems. While ransomware incidents involving compromised SAP systems and data have surged by 400%, active threat community posts incorporating SAP-specific cloud and web services have increased 220% from 2021- 2023. During the same period, discussions about SAP vulnerabilities and exploits have escalated by 490% across open, deep, and dark web platforms.

Patching systems continues to be a major challenge for many SAP customers as the demand for system availability needs to be balanced with scheduling downtime to apply patches and updates. The research shows why it is crucial for customers to have a regular patching schedule and ensure that patches are deployed as soon as possible after they are released.

Securing SAP applications is crucial, and Onapsis recommends organizations to apply the same rigorous controls to SAP as they do to other areas of their cybersecurity programs. This involves integrating SAP into existing security and compliance programs. Effective vulnerability management is key, including regular assessments for known vulnerabilities, timely application of security patches, and ensuring visibility and modern security controls across the SAP landscape, both on-premise and in the cloud. Continuous security monitoring and threat detection are essential to identify and respond to suspicious activities in real-time.

Onapsis also recommends implementing a secure development lifecycle, ensuring that any custom code is secure from the start through secure development processes and application security testing. Maintaining a robust threat intelligence program is critical to keep IT security teams informed about the evolving threat landscape and modern threat actor tactics, ensuring comprehensive protection for SAP applications.