In the application security area, it is also possible that an insider attack will occur. This type can account for the category of internal cybersecurity risks. Among other things, this includes data theft, malicious manipulation of business information, etc.
It is unimaginable that employees of one’s own company suddenly turn against their employer. This is mostly not the case. The term “social engineering” describes techniques, tactics, and procedures used to make an innocent employee perform harmful actions. In simple terms, it is enough for the employee to open the door to the attacker. It is precisely these risks that are often difficult to identify and contain. Besides, you do not want to apply general suspicion to every employee.
Analyzing application logs is usually the best method of detecting insider exploits. This is not easy in the case of SAP applications because there are many different logs.
Monitoring the most important SAP S/4HANA logs is the only way to detect fraud and malicious manipulation. How fast you react to this depends on whether there are automatic notifications or if you manually and periodically monitor and evaluate. The risk you attribute to corresponding log items is very individual and depends on many factors.
We have already described how to detect anomalies in another article. To learn more about it, click here.