SAP Patches a Must

Tuesday, May 29, 2012 @ 06:05 PM gHale

Only five percent of over 600 SAP systems tested by security firm Onapsis were secure from espionage, sabotage and fraud, a researcher said.

That means 95 percent are potentially vulnerable, mainly because users did not apply patches, the researcher said. That just adds more fuel to the fire saying users need to be smart about applying patches.

After Patch, APT’s Still Hit
Adobe Mac Updates Silenced
Critical Flash Player Hole Closed
Adobe Patches Flash Player, Again

Attackers targeting SAP platforms don’t need access credentials to perform these attacks, said Juan Perez-Etchegoyen, CTO of Onapsis, a Buenos Aires consulting firm focused on ERP systems and business-critical infrastructure. Perez-Etchegoyen made his remarks at the Hack in the Box conference in Amsterdam last week.

Global companies, governments and defense agencies use SAP to manage everyday tasks like financial planning, managing payrolls and logistics, he said. If SAP platforms suffer a breach, intruders are able to access customer data, paralyze the company by shutting down the system or modify financial information for fraud purposes, he added.

“The problem is that companies don’t know the risk,” Perez-Etchegoyen said, adding SAP systems hold the data sensitive and important for companies.

The main reason companies that use SAP are vulnerable is because they don’t apply patches, and in that way leave their systems exposed, he said.

“SAP is working very hard on security and they are good at it, but customers need to keep up,” Perez-Etchegoyen said. It is not always easy to keep up with the patches because most SAP implementations are highly customized, he said. This means that with every patch the IT department has to do extensive testing to make sure their systems keep working smoothly, he said.

Leave a Reply

You must be logged in to post a comment.