False sense of security pervasive among SAP clients
SecurityWeek reports that many users of SAP systems are being lulled into a false sense of security.
Over 40% of more than 100 SAP clients in the U.S., Asia and Europe expressed the greatest concern regarding possible internal fraud and misuse to their SAP environments, compared with 26% and 14% who were most worried about data loss or data breaches and external attacks, respectively, a Turnkey Consulting and Onapsis report showed. Meanwhile, nearly 45% believed that their organizations' networks are protecting their SAP from cybersecurity threats.
More threat actors are becoming aware of the valuable data stored in SAP systems, according to Turnkey Application and Cyber Security Practice Director Tom Venables, who cited an earlier SAP and Onapsis study showing exploitation of SAP application flaws days after patch availability.
"The overarching finding of this survey is that many SAP customers are operating under a false sense of security. Despite the fact that a small majority agree that SAP isn’t fully protected within the internal network, the threat from outside is not being taken quite as seriously as it should be," said the report.
The vulnerabilities we found allowed malicious actors to take over accounts and run commands as root on vulnerable servers. There were hundreds of thousands of them online – millions of websites could have been affected.