Just 7 years ago, SAP security was associated with Segregation of Duties only. SAP code issues and platform vulnerabilities were terra incognita even for cybersecurity experts.
Reality showed that this view was rather careless. Within the last 3 years alone, several highly significant incidents related to SAP cybersecurity occurred (the NVidia breach in 2014, the OPM breach in 2015, and a US-CERT alert on an SAP vulnerability). And this is just the beginning: 89% of security professionals anticipate the number of attacks on ERP systems to increase.
A common truism states that you should be a step ahead of hackers to stay protected. To make accurate predictions, we should first get to know the state of SAP cybersecurity today by reviewing the latest data points.
State of SAP Security
To give a full picture of SAP Cybersecurity posture, we focused on 2 aspects: SAP Product Security and SAP Implementation Security.
As you may know, the second Tuesday of each month is known as Patch Tuesday. SAP’s Security Patch Day coincides with Patch Tuesday to allow admins to install all fixes on one scheduled day. On SAP Security Patch Day, the vendor releases a set of internal advisories containing instructions, patches, or both, which are dubbed SAP Security Notes.
The number of security patches released per year has slightly decreased. But it’s too early to rejoice: this doesn’t mean that the number of issues has dropped too. The vendor can now fix multiple vulnerabilities in one patch, while 3 years ago each patch addressed a particular one. In any case, the number of patches is still quite high.