Introducing the SAP Cybersecurity Framework 4.0
Cyber attacks are at epidemic levels. According to research performed by 360 Security, there were over 85 billion attacks in 2015, equivalent to 2000 attacks per second. The cost of data breaches continues to grow, year after year, and reached record levels in 2016. Juniper Research estimate that average costs will exceed $150M within three […]
SAP Security Notes – August 2016
Note 2319506 addresses a blind SQL injection vulnerability in Database Monitors for Oracle. The vulnerability impacts all versions of SAP Basis and rates extremely high on the impact scale using the common vulnerability scoring system. Content-based and time-based blind SQL injection is used by attackers to determine when input is interpreted as a SQL statement. […]
Three Reasons You Should Budget for SAP Breach Costs
The average cost of a data breach has now surpassed $4 million. This is according to the latest study from the Ponemon Institute issued earlier this month. The study surveyed 383 organizations in 12 countries. It revealed that not only are data breach costs increasingly across the board, the probability that organizations will suffer a breach […]
US-CERT Issues Alert for SAP Invoker Servlet Vulnerability
US-CERT published an alert yesterday to warn SAP customers of the dangers posed by the invoker servlet vulnerability in AS Java systems. According to the alert, there is evidence to suggest that SAP systems at 36 organizations have been exploited by the vulnerability. The organizations are based in the United States, United Kingdom, Germany, China, […]
How to Visualize Cyber Security Risks in Your Systems with SAP Lumira
SAP Lumira can be used to access, visualize and explore data of any size from virtually any source. It enables users to build and share powerful interactive data visualizations using a simple user-friendly interface. Since Lumira can acquire data and enable users to create customized reports through self-service, it removes the need for programming, scripting […]
Survey Reveals 65 percent of SAP Platforms Were Breached Between 2014-15
Earlier this week, the Ponemon Institute released the results of the most comprehensive study performed to date on the state of SAP cybersecurity. The Institute is widely known for the annual Cost of Data Breach report that trends average data breach costs across major countries. However, it also performs a variety of other studies related […]
How to Discover Missing Security Notes for Your SAP Systems using ConVal
Earlier this month, the New York Stock Exchange released a definitive guide to cybersecurity targeted at directors and officers of public companies. Developed with Palo Alto Networks, the guide includes contributions from over thirty-five industry experts and contends with a wide range of questions including legal and regulatory issues, cyber insurance, supplier risks, and incident […]
Are 95 percent of SAP systems really vulnerable to cyber attack?
Earlier this month, SAP issued a strongly-worded response to claims made by the software vendor Onapsis in a press release that over 95 percent of SAP systems assessed by Onapsis were exposed to vulnerabilities that could lead to the compromise of SAP systems. According to SAP, “The press release published by Onapsis is aimed at […]
Discover Security Patches for your SAP Systems using System Recommendations
One of the most startling facts revealed by the 2015 Cyber Risk Report is that over 44 percent of data breaches stem from the exploitation of known vulnerabilities that are over two years old. This suggests that effective patching can dramatically lower the likelihood of a successful data breach and, when employed with other countermeasures […]
SAP Cybersecurity Framework 2.0: What’s New?
Since the official release of the SAP Cybersecurity Framework in 2014, the standard has become the de facto benchmark for securing SAP systems from advanced cyber threats. Drawing upon guidance issued directly by SAP, as well as the real-world experience of front-line SAP security architects and forensic investigators, the framework delivers a single point of […]