Cybersecurity is a hot topic right now: increasing numbers of external attacks on company networks during the pandemic and the further professionalization of the attackers have made it even more important. In recent months, we’ve been reading about attacks on companies almost every day, which have suffered consequences up to and including total shutdowns that lasted for days. What elements of SAP security have changed, for whom is Germany’s IT Security Act 2.0 relevant, how can you take this account during migration to SAP S/4HANA, and what can every company do to improve SAP security?
Do companies need a comprehensive security strategy for their SAP systems? The objective should be the integration into the bigger picture. Due to the lack of structures for overall security, however, security measures on a smaller scale are frequently omitted. It is therefore necessary to optimize internal control systems and – particularly for securing SAP systems – and to establish comprehensive monitoring. Learn more open the interplay of point in time and time frame of the security monitoring.
Sensitive enterprise data demands special protection. In addition to company-specific protection requirements, industry-specific specifications and legal regulations must also be observed. Minimizing the risk of losing critical data from SAP systems requires a variety of coordinated measures, collectively known as “data loss prevention”.
The procedure is well-known at SMEs and large companies: Every year, the auditor comes around for the IT audit, which is carried out as part of the annual overall review. The general objective is to ensure the security and integrity of the audited system (usually the SAP system used for accounting) and to identify potential risks. A management letter then describes follow-up measures to mitigate these risks in future. But does this approach still make sense today?
How should companies in the port and transportation logistics sector tackle cybersecurity? Can smaller and midmarket companies even protect themselves against the growing threats? Our CTO Ralf Kempf and his colleague Norbert Klettner, Managing Director of AKQUINET PORT CONSULTING, were interviewed on this subject by DVZ, a German transportation newspaper.
Companies that use SAP software, as well as the German-speaking SAP User Group (DSAG), are demanding security dashboards to provide for greater transparency and indicate necessary activities. The most critical risks, however, are those that arise as a combination of other events, which are not critical in and of themselves. After all, even the best dashboards aren’t able to display this kind of unidentified security incident.
Companies have been sensitized to the risks: According to a recent report by consulting firm Ernst & Young, 97 percent of the surveyed executives expect that they will face an even greater risk of cyberattacks and data leaks in the future. And they also know that they can hardly keep up with the rapid advances. That’s why we recommend that you give thought to end-to-end protection of your SAP systems now – no matter whether you’re still using SAP ERP or have already migrated to SAP S/4HANA. The sooner you start with an end-to-end strategy, the better you’ll protect yourself against threats – both internal and external.
The lack of SAP security management dashboards is discussed often by the Security & Vulnerability Working Group at DSAG, the German-speaking SAP User Group. The Working Group sees such tools an essential prerequisite for developing and monitoring the improved security concepts that are urgently needed. Yet a majority of companies has yet to implement the dashboard technology although now would be a particularly good time to implement this efficient tool for mitigating attacks in light of the increasing threat level posed by malware and ransomware.
In September 2020, the attack made headlines:
- Hackers responsible for IT disruption at Düsseldorf University Hospital.
- Hackers under investigation: Woman dead after attack on University Hospital.
- Hacker attack on Düsseldorf University Hospital: Investigation into involuntary homicide opened.
A hacker attack can be fatal. Data, goods and assets aren’t the only things to consider: Human lives are at stake where public spaces, in particular public health, is concerned.
The transition of the business world to SAP S/4HANA is picking up speed: that’s why every company should start preparing an end-to-end migration strategy for the new SAP system. It is essential that this strategy consider security aspects, as well, to avoid ending up sitting on millions in subsequent costs. The solution is Threat Intelligence.