January 22, 2018 By Rahul Agarwal 2 min read

If your company runs SAP, there is a chance that you might be planning to adopt SAP HANA this year. Due to the speed with which the platform is being deployed in hybrid models, security might be overlooked, and any misconfigurations or vulnerabilities can result in millions of dollars in compliance costs if exploited by attackers or rogue insiders. In fact, the Ponemon Institute recently placed the average cost of data breaches impacting SAP systems at $4.5 million and revealed that 65 percent of companies had experienced one or more SAP breach within the last two years.

Business-Critical Data Under Attack

Cybercriminals are increasingly targeting SAP systems, and with good reason. According to an Onapsis report titled “The Tip of the Iceberg: Wild Exploitation and Cyberattacks on SAP Business Applications,” 87 percent of Forbes 2000 companies use SAP, and 76 percent of the world’s transaction revenue is processed by SAP systems.

SAP stores crown jewels such as critical business, personal and financial data, which requires managing myriad regulatory and compliance requirements. It also runs the most business-sensitive processes in the organization. According to Dark Reading, cybercriminals have demonstrated how SAP applications can be used as a steppingstone to sabotage oil and gas processes.

It stands to reason that you’ll need a security impact assessment and strategy for the move to SAP Business Suite 4 SAP HANA (SAP S/4HANA). That strategy must address external threats as well as governance, risk management and compliance in specific SAP components, such as segregation of duties and sensitive access, to reduce the overall risk. Plus, you’ll need to focus on protecting new capabilities enabled by SAP HANA.

Learn How to Manage a Successful SAP HANA Migration

On Jan. 25 at noon EST, Britta Simms, global SAP competency lead with IBM Security, will co-host a joint webinar with ERP Maestro, our SAP risk reporting and controls automation partner. In this webinar, Simms will walk through IBM’s HANA Assessment Tool approach to evaluating enterprise systems for the move to SAP HANA. She will cover threats both external and internal, including an analysis of security roles and authorizations, which are likely to change during a migration.

Watch the on-demand webinar

IBM Security services can help reduce the vulnerabilities in the SAP systems that house your organization’s most valuable information. With the right combination of SAP monitoring, automated alerts and rapid responses, attacks can be disrupted in real time.

IBM offers flexible services for the full range of SAP systems to help you:

  • Assess SAP systems for vulnerabilities and compliance risks, tying business context into remediation planning processes.
  • Align your SAP security policies with the latest industry standards.
  • Help protect against known-but-unpublished vulnerabilities.
  • Leverage continuous monitoring and advanced threat protection against zero-day attacks.
  • Streamline auditing and compliance management.

Watch this on-demand webinar if your organization is planning or considering a move to SAP HANA. You’ll get real guidance on how to start the process to assess the impact the project would have on your business — not to mention your current SAP security design.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today