January 22, 2018 By Rahul Agarwal 2 min read

If your company runs SAP, there is a chance that you might be planning to adopt SAP HANA this year. Due to the speed with which the platform is being deployed in hybrid models, security might be overlooked, and any misconfigurations or vulnerabilities can result in millions of dollars in compliance costs if exploited by attackers or rogue insiders. In fact, the Ponemon Institute recently placed the average cost of data breaches impacting SAP systems at $4.5 million and revealed that 65 percent of companies had experienced one or more SAP breach within the last two years.

Business-Critical Data Under Attack

Cybercriminals are increasingly targeting SAP systems, and with good reason. According to an Onapsis report titled “The Tip of the Iceberg: Wild Exploitation and Cyberattacks on SAP Business Applications,” 87 percent of Forbes 2000 companies use SAP, and 76 percent of the world’s transaction revenue is processed by SAP systems.

SAP stores crown jewels such as critical business, personal and financial data, which requires managing myriad regulatory and compliance requirements. It also runs the most business-sensitive processes in the organization. According to Dark Reading, cybercriminals have demonstrated how SAP applications can be used as a steppingstone to sabotage oil and gas processes.

It stands to reason that you’ll need a security impact assessment and strategy for the move to SAP Business Suite 4 SAP HANA (SAP S/4HANA). That strategy must address external threats as well as governance, risk management and compliance in specific SAP components, such as segregation of duties and sensitive access, to reduce the overall risk. Plus, you’ll need to focus on protecting new capabilities enabled by SAP HANA.

Learn How to Manage a Successful SAP HANA Migration

On Jan. 25 at noon EST, Britta Simms, global SAP competency lead with IBM Security, will co-host a joint webinar with ERP Maestro, our SAP risk reporting and controls automation partner. In this webinar, Simms will walk through IBM’s HANA Assessment Tool approach to evaluating enterprise systems for the move to SAP HANA. She will cover threats both external and internal, including an analysis of security roles and authorizations, which are likely to change during a migration.

Watch the on-demand webinar

IBM Security services can help reduce the vulnerabilities in the SAP systems that house your organization’s most valuable information. With the right combination of SAP monitoring, automated alerts and rapid responses, attacks can be disrupted in real time.

IBM offers flexible services for the full range of SAP systems to help you:

  • Assess SAP systems for vulnerabilities and compliance risks, tying business context into remediation planning processes.
  • Align your SAP security policies with the latest industry standards.
  • Help protect against known-but-unpublished vulnerabilities.
  • Leverage continuous monitoring and advanced threat protection against zero-day attacks.
  • Streamline auditing and compliance management.

Watch this on-demand webinar if your organization is planning or considering a move to SAP HANA. You’ll get real guidance on how to start the process to assess the impact the project would have on your business — not to mention your current SAP security design.

More from

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

White House cements CISA’s role as national coordinator for cybersecurity

2 min read - In 2013, the Obama Administration rolled out "The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience", a forerunner to the Cybersecurity and Infrastructure Security Agency (CISA), created "to strengthen and maintain secure, functioning and resilient critical infrastructure."The directive was groundbreaking in 2013, noting the importance of the rising risk of cyberattacks against critical infrastructure. But as cyber risks are constantly shifting, every cybersecurity program needs to be re-evaluated, and CISA is no exception. That’s why, in April 2024, President…

How a new wave of deepfake-driven cybercrime targets businesses

5 min read - As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit.Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijacking and theft of assets and data, identity theft, and reputational damage to businesses across industries.Call centers of major banks and financial institutions are now overwhelmed by an onslaught of deepfake calls using voice cloning technology in efforts to break into customer…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today