Slashdot Mirror


Top Cyber Attack Vectors For Critical SAP Systems

An anonymous reader writes: Despite housing an organization's most valuable and sensitive information, SAP systems are not protected from cyber threats by traditional security approaches. Based on assessments of hundreds of SAP implementations, the Onapsis Research Labs study found that over 95 percent of SAP systems were exposed to vulnerabilities that could lead to full compromise of the company's business data and processes. Most companies are also exposed to protracted patching windows averaging 18 months or more. In 2014 alone, 391 security patches were released by SAP, averaging more than 30 per month. Almost 50 percent of them were ranked as "high priority" by SAP.


  1. wha? by AndyCanfield · · Score: 2, Insightful

    What the H* is a SAP system?

    1. Re:wha? by fuzzyfuzzyfungus · · Score: 5, Insightful

      A 'sap' is a small blunt weapon, usually a leather sack of lead shot, used to incapacitate a target. A 'SAP system' is a gargantuan and expensive piece of ERP software used to incapacitate a corporation.

    2. Re:wha? by v1 · · Score: 2, Informative

      You'd think that somewhere in the article they'd at least ONCE explain that short acronym. But no. Short acronyms are difficult to google.

      I think they're talking about this?

      --
      I work for the Department of Redundancy Department.
    3. Re: wha? by UnifiedTechs · · Score: 2

      SAP = Stupid A** Program. The sentence would still be true. (Honestly I'd tell you but it's a new one to me too.)

    4. Re:wha? by wonkey_monkey · · Score: 2

      Yes, please define fricken TLAs.

      Fricken what?

      --
      systemd is Roko's Basilisk.
    5. Re:wha? by Anonymous Coward · · Score: 3, Interesting

      SAP is the third largest software company in the world (source). What rock do you live under?

    6. Re:wha? by cbelt3 · · Score: 4, Informative

      Systeme, Anwendungen und Produkte (Systems, Applications, and Products).

      www.sap.com

      Basically it's one of the two largest Enterprise Resource Planning software companies in the world. Oracle is the other one. And since most SAP systems are run inside a highly protected corporate network, the self-promoting hysteria from this article is so much bullcrap.

  2. Re:Why bother to use the word "traditional"? by Shoten · · Score: 2

    SAP systems are not protected from cyber threats by traditional security approaches

    That implies that there is some sort of protection while leaving out the word "traditional" implies the more correct situation where they are not protected at all.
    That's not necessarily a bad thing so long as the practice is to secure their stuff with third party approaches afterwards (e.g. need to get on a secured VPN before you can communicate with the software).

    Onapsis' bread and butter is a non-traditional security product meant specifically to secure...wait for it...SAP. So, that gives you an idea what the anonymous OP is up to.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  3. Re:Consider the source... by Headw1nd · · Score: 2, Interesting

    Well, to be honest, if you work with SAP every day you can't help but realize it sucks.

  4. Re:Consider the source... by Anonymous Coward · · Score: 4, Interesting

    I do not disagree at all that SAP sucks. I work for a large retailer and sit right next to the SAP guys. I've never seen such a miserable lot. Daily banging their heads against one stupid SAP issue after another and always complaining about SAP support being completely useless.

    I'm just not sure I buy the 95% of installs are horribly insecure claims coming from a company whose only product is securing SAP.