If your company runs SAP, there is a chance that you might be planning to adopt SAP HANA this year. Due to the speed with which the platform is being deployed in hybrid models, security might be overlooked, and any misconfigurations or vulnerabilities can result in millions of dollars in compliance costs if exploited by attackers or rogue insiders. In fact, the Ponemon Institute recently placed the average cost of data breaches impacting SAP systems at $4.5 million and revealed that 65 percent of companies had experienced one or more SAP breach within the last two years.

Business-Critical Data Under Attack

Cybercriminals are increasingly targeting SAP systems, and with good reason. According to an Onapsis report titled “The Tip of the Iceberg: Wild Exploitation and Cyberattacks on SAP Business Applications,” 87 percent of Forbes 2000 companies use SAP, and 76 percent of the world’s transaction revenue is processed by SAP systems.

SAP stores crown jewels such as critical business, personal and financial data, which requires managing myriad regulatory and compliance requirements. It also runs the most business-sensitive processes in the organization. According to Dark Reading, cybercriminals have demonstrated how SAP applications can be used as a steppingstone to sabotage oil and gas processes.

It stands to reason that you’ll need a security impact assessment and strategy for the move to SAP Business Suite 4 SAP HANA (SAP S/4HANA). That strategy must address external threats as well as governance, risk management and compliance in specific SAP components, such as segregation of duties and sensitive access, to reduce the overall risk. Plus, you’ll need to focus on protecting new capabilities enabled by SAP HANA.

Learn How to Manage a Successful SAP HANA Migration

On Jan. 25 at noon EST, Britta Simms, global SAP competency lead with IBM Security, will co-host a joint webinar with ERP Maestro, our SAP risk reporting and controls automation partner. In this webinar, Simms will walk through IBM’s HANA Assessment Tool approach to evaluating enterprise systems for the move to SAP HANA. She will cover threats both external and internal, including an analysis of security roles and authorizations, which are likely to change during a migration.

Watch the on-demand webinar

IBM Security services can help reduce the vulnerabilities in the SAP systems that house your organization’s most valuable information. With the right combination of SAP monitoring, automated alerts and rapid responses, attacks can be disrupted in real time.

IBM offers flexible services for the full range of SAP systems to help you:

  • Assess SAP systems for vulnerabilities and compliance risks, tying business context into remediation planning processes.
  • Align your SAP security policies with the latest industry standards.
  • Help protect against known-but-unpublished vulnerabilities.
  • Leverage continuous monitoring and advanced threat protection against zero-day attacks.
  • Streamline auditing and compliance management.

Watch this on-demand webinar if your organization is planning or considering a move to SAP HANA. You’ll get real guidance on how to start the process to assess the impact the project would have on your business — not to mention your current SAP security design.

More from

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…