2024 Cybersecurity Predictions and Emerging Threats in Germany
This year has been extremely challenging for companies’ cybersecurity, and there are unfortunately no signs of a let-up: by 2025, the cost of cyber-attacks on the global economy is predicted to rise to the incredible figure of $10.5 trillion. According to the 2023 report by the German Federal Office for Information Security (BSI), the cybersecurity situation in Germany is particularly dramatic, with the threat level in cyberspace higher than ever. One alarming factor is the shift in cyberattack focus from large, wealthy companies to small and medium-sized organizations, government institutions, and municipalities. It’s also worth noting that the professionalism of cybercriminals is increasing, and they can now easily collaborate across borders and industries.
The evolution of cyber risks
Bitkom, the industry association for the German information and telecommunications sector, gathered data from 1002 German companies on their perception of cybersecurity risks and threats in 2023. According to this study, the total damage from cybercrime in Germany amounts to 203 billion euros, 5% of the total German GDP. 62% of these companies perceive the cybersecurity threat as very large or large, with the most common attacks recorded as phishing, attacks on passwords, infection with malware, ransomware, and SQL injection. With an average of nearly 70 new vulnerabilities registered daily, software vulnerabilities in critical industries are again considered a highly significant concern.
In the past year, when evaluating analog and digital risks, there was a notable rise in the vulnerability to digital theft of data and sabotage of information and production systems or operational processes, with an increase of 7/8% compared to 2022. Conversely, incidents such as eavesdropping during on-site meetings or calls, as well as theft of physical materials, experienced a significant decline.
Many factors contribute to this increasing risk of cyber threats compared to analog risk. The digitalization and “remotization” of work and businesses, accelerated by the Covid pandemic, is certainly a factor, but it’s not the only one. Artificial intelligence and machine learning are now dominating the cybersecurity conversation, and the adoption of new technologies, such as IoT and Industry 4.0, introduces new attack surfaces. In the coming years, we will see more and more threat actors adopt AI to accelerate and expand their hacking capabilities and go even further by increasingly targeting the cloud and the sensitive data that is part of SaaS companies’ application services.
The supply chain is still a weak link that causes a devastating impact: companies not only have to take care of their security protocols but also scrutinize the security practices of their third-party suppliers. Furthermore, threat actors continue to use deepfake social engineering attacks to foster ransomware, gain permissions, and access sensitive data. With the relative success and ease of phishing campaigns, next year will bring more attacks that originate from credential theft, with AI-enhanced phishing tactics that might become more personalized and effective.
A look at the future after a disastrous year
Let’s dive deeper into the statistics provided by Bitkom. In 2023, cyber-attacks accounted for almost three-quarters of German companies’ financial damage: of a total of 205.9 billion euros in damage, 72% of the losses were attributable solely to cybersecurity attacks.
If we look at the kind of digital assets stolen from organizations, the most concerning figure is the theft of employee and customer data, which is growing rapidly and has even doubled since 2021. By contrast, digital data theft (e.g., emails) has decreased by 6% in percentage terms but is still recorded as the threat with the highest occurrence.
8 out of 10 companies have been attacked more frequently in 2023. Across all industries, cyberattacks have increased by around 53% of weight, both for critical and non-critical sectors. For 2024, all companies are expecting a further increase of around 50%, which would total a staggering 100% threat increase in just 2 years. The cyber-threat landscape is not just a digital, ethereal discussion; it poses a serious existential threat to the very survival of companies. In 2021, just 9% of companies considered cybersecurity risks a threat to their business’s existence; as of today, 52% of organizations (in both critical and non-critical sectors) realize the devastating consequences of relying only on a reactive approach or not having a security infrastructure ready to combat threats.
The only way to efficiently combat these threats is by reconsidering, prioritizing, and strengthening your security stance: 72% of companies intend to significantly increase their cybersecurity budget, while just 5% of companies plan a minimal budget increase.
Despite organizations’ security efforts, combined with governments’ investments, policies, and security-by-design approach, cyber-incidents are expected to keep rising in the near term. Now more than ever, it has become a top priority to protect the fundamental digital assets of your company and minimize the impact of an SAP cyber-attack on your business. Contact us today to protect and empower your SAP Security future with SecurityBridge.