
The asymmetry between attackers and defenders

SAP systems manage many vital aspects of our businesses. SAP-based applications serve as the digital backbone of many organizations, supporting logistics (SAP LO), financials (SAP FI), human resources (SAP HR), and other important processes. SAP modules hold and process sensitive company data that needs to be protected from increasing cyber threats around the globe. It is commonly known that such enterprise-critical applications provide a huge attack surface that customers have to manage. Ignoring a single attack vector could lead to an outage, data exfiltration, or corruption of important data assets. If a threat actor succeeds, the company risks loss of reputation, financial damage, or legal fines.

SAP systems contain millions of dollars’ worth of information that must not be disclosed to attackers. Unfortunately, the likelihood of such an event is very high because the company’s defenders are engaged in an unfair battle.

Complex, enterprise-critical systems are not secure by design and by default. Defenders must put in effort, usually manual, to build and maintain a secure configuration. Once accomplished, the security posture needs to be maintained continuously and long-term, while the system is subject to frequent change and version updates.

Attackers’ advantage

A simple principle of life is that destroying is easier than building. Unfortunately, in many IT scenarios, it is also easier to attack than to protect. Why is this so, you might ask? Imagine the thousands of parameters that exist to secure an SAP system. Unless they are maintained with security in mind, they represent a catalog of vulnerabilities an attacker can choose from.

Besides the secure configuration, the defenders need to monitor for commonly known security flaws within the standard product and apply the manufacturer’s patches soon after their release. 

The SAP and the cybersecurity teams mostly have limited resources to cover all attack vectors. Consequently, they may lose the battle and an attacker takes advantage of a small loophole to carry out an attack with immense impact on the organization.

Asymmetry between attackers and defenders

SAP protection is a challenging task due to the complexity of the system, but other factors also contribute to the attacker’s advantage. Let’s have a look at them:

  • One vulnerability is enough
  • Limited people
  • Human error
  • Unknown vulnerabilities (Zero Days)
  • Inefficient detection and response process 
  • Logging not enabled
  • Insufficient hardening of systems
  • Missing overview or transparency
  • Lengthy processes cause late patching of vulnerabilities
  • Custom code that contains vulnerabilities

These are just a few reasons, while there may be other conditions under which attackers can gain access to your SAP systems to steal your company’s data.

SAP Protection

A drastic transformation must take place to bring about a change in the scenario outlined above. With the goal of increasing SAP security, organizations must begin to equip themselves with tools to help defend and, more importantly, monitor their virtual walls. In a virtual world, walls are typically not broken down; they are bypassed.

Experience shows that it does not help to define a security requirement for SAP-based systems that you cannot implement or comply with. In particular, ensuring compliance with the directives involves recurring efforts, audits, and adjustments. In reality, this work is not only often neglected but also too tedious.

Technology vs Attackers

With the right tool, even small teams can build and maintain a more effective line of defense.  The “right” tool is characterized by helping you monitor the configuration, detect intrusions, and eliminate vulnerabilities in the standard product or custom code. Only by gaining control over these areas will it be possible to protect and defend SAP systems in an ongoing Cyber War. 

Seize your chance and use technological evolution to your advantage.

Finally, I would like to end on a note that you probably won’t like. No matter what manual protections you have in place for your SAP systems, they are probably already outdated, modified, or ineffective.
Be aware that your opponents are not static, but will react very dynamically to changing circumstances. Attackers are constantly changing their methodologies and techniques and, thanks to the Internet, have access to an almost infinite knowledgebase.

Securing your SAP landscape should be imperative, but unfortunately, most SAP systems are insufficiently secured. The whitepaper describes the major steps on your road to securing enterprise-critical applications based on SAP SE products. 

Download the whitepaper YOUR ROAD TO SAP SECURITY to learn about the major milestones towards increasing the cybersecurity posture of your SAP systems

Posted by

Christoph Nagy