Skip to content

How poor management lets the cybersecurity ball get dropped

sap security strategy

Firstly: I’m not a techie, I’m a marketing guy. So, what qualifies me to write a blog article about SAP cybersecurity? Well nothing really except that sometimes an unbiased view on things is helpful. Here’s what I mean…

Clear Business case

When I made my first steps into SAP security a couple of years ago the market scenario was simple: Companies are facing more and more cyber-attacks and therefore must secure their IT landscapes properly. As SAP usually is storing the crown jewels of a company it’s very important to also increase the security posture there. And as SAP is quite different from the rest of the usual IT landscapes this requires specific know-how and solutions that help both: the IT security and the SAP team which is very often focusing on business operations. That’s a simple and clear business case – so far, so good.

Why is SAP Security not high priority?

What I found very interesting was the fact that SAP cybersecurity in many companies is still low priority. I could not understand why this is the case. If companies haven’t been a victim of a successful breach, then cybersecurity from a management point of view is often seen as something that at first glance only costs money but doesn’t bring any value in return. That naive view on such a critical topic from people whose job it is to run and align a company strategically with a perspective of the up-coming 10 years or more – that’s what was most surprising to me when I stepped onto the scene.

Not that this view on things is naive, it’s shortsighted and puts not only the IT infrastructure to high risk but also the whole company’s future including personal data and in the last consequence the jobs of its employees to an absolute unnecessary risk. In short: To not invest in cyber-security at all is wrong. And by investing I don’t just mean money. Investing into SAP security primarily means setting up new processes, giving employees time to learn and execute security-related tasks.

You can’t turn back the clock

This ignorant view reminds me of some people who are living an unhealthy lifestyle, (although they should know better) until the doctor tells them they are suffering from high blood pressure, fat liver or any other serious disease and then they suddenly “wake up” trying to regain their health again with maximum effort but often not the result they wish for.

Instead, prevention has almost always paid out for companies who act smart and invest wisely. Invest wisely into the right SAP cybersecurity solutions that reduces the manual workload from your employees and radically reduces the attack surface of the IT infrastructure and act smart when it comes to implementing security into the backbone of each critical business process. It’s usually more expensive to check the finished product or service for security leaks and fix everything afterwards then if this would’ve been done within the process. So, embedded security speeds up critical processes and increases the security posture from the very beginning.

Conclusion

Cybersecurity in general and SAP security specifically must be a top priority topic for every company – not to do that is bad management. What needs to be decided for every company is how to start this journey and how to shift it slowly from reactive to proactive. Even if companies start with doing anything this is already reducing your attack surface and is way better than doing nothing. As cyber security is no project with a deadline but an ongoing agile process instead, we at SecurityBridge and our dedicated partners are happy to discuss your tailor-made roadmap that fits best.

Reach out if you want to learn more about SecurityBridge Platform for SAP.

Posted by

Till Pleyer
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

SecurityBridge at the DSAG Technologietage 2023

SecurityBridge will be attending the DSAG Technologietage 2023 from March 22nd-23rd at the Congress Center Rosengarten in Mannheim.

Meet us at SAPinsider Las Vegas 2023

March 20-23: SecurityBridge will be attending SAPInsider 2023 in Las Vegas. Come meet us and learn more about SAP Security.
SAP Cyber risk
SAP Cybersecurity- Security News
Businesses must be more cautious to protect themselves from cyber threats as digitalization and the use of SAP systems increase. SAP S/4HANA is critical for many enterprises as it provides the foundation for business operations. As digitalization and Industry 4.0 continue to increase, SAP S/4HANA lays the foundation for many modern business scenarios. SAP systems are important for many industries and their security is a major concern, making them vulnerable to cyber attackers. This article will discuss cyber risks and how you can assess your individual and organizational SAP systems' risks. What are cyber risks?
Common SAP Patches
SAP Cybersecurity- SAP Patch Management- SAP Security Patch Day- Security News
Installing SAP patches is crucial for maintaining a robust and secure enterprise resource planning (ERP) system. SAP, one of the leading ERP systems in the world, is constantly evolving to meet the changing needs of businesses. As a result, SAP releases various patches to address issues and enhance the functionality of its software. However, installing SAP patches can present challenges for IT teams, such as ensuring minimal disruption to business operations, managing risks, and testing the non-implemented patches. This article will discuss the three most common types of SAP patches- kernel patches, snote patches, and support packs - and the best practices for installing them.
SAP interfaces
SAP Cybersecurity- SAP Interface- Security News
In this blog article, we will explore the importance of SAP interface security and discuss the various measures businesses can take to protect their systems and data. We will also examine some common threats to SAP interfaces and how to mitigate them. To safeguard your business, you need to understand the importance of SAP interface security and take steps to make your interfaces secure. 
SAP security Patch day
10th January 2023 SAP response team sends some Happy New Year greeting to the SAP Security Teams, by releasing 10 SAP Security Notes.