{"id":761,"date":"2019-01-07T10:31:37","date_gmt":"2019-01-07T09:31:37","guid":{"rendered":"https:\/\/sast-blog.akquinet.com\/?p=761"},"modified":"2020-07-24T11:40:50","modified_gmt":"2020-07-24T09:40:50","slug":"sap-systems-insider-attacks","status":"publish","type":"post","link":"https:\/\/sast-solutions.com\/blog-en\/2019\/01\/07\/sap-systems-insider-attacks\/","title":{"rendered":"Study shows SAP systems especially prone to insider attacks"},"content":{"rendered":"

\"SASTAfter many years working in the field of SAP security, I am still regularly surprised to discover how much Hollywood has contributed to the discussion on cybersecurity. The common perception is that of a hacker sitting at home in front of several screens and using cryptic commands to hack into corporate networks. The recently published “Insider Threat 2018 Report<\/a>” however, shows that insider attacks represent a much more serious threat. As far as the security of SAP systems is concerned, insider attacks are by far the greater problem. Why that is the case and what the main risks are is the subject of this post.<\/p>\n

Most likely, when you think of insider criminals, you think of another Hollywood-inspired character: An employee sitting in front of a computer, sweating profusely \u2013 frantically watching the progress bar that is taking forever to reach 100% \u2013 and his boss approaching the office. The fact is, however, that this image does not accurately convey the typical insider attack.<\/p>\n

Unstructured authorization concepts and complex system landscapes facilitate security incidents<\/h2>\n

The \u201cInsider Threat 2018 Report<\/a>\u201d published by the market research company Crowd Research Partners assumes that more than half of all insider attacks (51%) are carried out by employees who cause problems either by mistake or unintentionally. The reasons for these errors are a direct mirroring of the problems by which SAP systems are primarily affected.<\/p>\n

The study shows that the main reason<\/strong> specified (37%) for unintended security incidents was that authorizations were granted too generously<\/strong>. In SAP systems in which roles and authorizations have developed on an ad-hoc basis, this is a frequent problem. And it\u2019s no wonder when you consider that so many core processes are handled in SAP. With the complexity of an ERP system, it is easier for administrators \u2013 who do not necessarily have the expertise required to appropriately restrict authorizations \u2013 to assign authorizations by way of general role descriptions.<\/p>\n

With regard to complexity: Number three<\/strong> in the list of reasons for security problems is the increasing complexity of the relevant systems<\/strong>, which was deemed to be critical by 35% of those surveyed. And here again, SAP is strongly impacted: S\/4 HANA, C\/4 HANA, the SAP Cloud \u2013 new products that are typically added to an existing system landscape. And this with a product that, with 320 million lines of code, is already significantly more complex than other software products.<\/p>\n

90% of the survey respondents feel vulnerable to insider attacks<\/h2>\n

Second on the list<\/strong> of reasons for security problems is a factor that is topically related to both the over-generous authorizations and the increasingly complex technology: More and more devices have access to sensitive information.<\/strong> For 36% of those surveyed, this is a critical problem. Quickly approve your employee\u2019s vacation request as you head to the car park and then, as you sit in traffic, have a brief look at the recent quarterly figures: With SAP UI5 or Fiori, such scenarios are realistic. And we haven’t even considered SAP Leonardo and integration of the \u201cInternet of Things\u201d!<\/p>\n

It\u2019s no wonder that two thirds (66%) of the companies surveyed are more worried about attacks from within than external threats. It should be said that \u201cinadvertent\u201d security incidents are primarily caused by phishing attacks. 67% of the study participants highlighted this problem. Thus, the report comes to a clear conclusion: 90% of respondents feel vulnerable to insider attacks.<\/p>\n

The best form of prevention: Basic protection of all SAP systems<\/h2>\n

SAP managers naturally wonder how they can best prevent insider attacks. The answer is as simple as it is logical: Protect the SAP system landscape to the greatest extent possible. There are three areas where particular attention should be paid:<\/p>\n

    \n
  1. Authorizations<\/strong>: The role concept is a potential source of security problems on two fronts:\n