$1.3 billion lost an hour! This is what one of our global customer’s estimates is the impact to their business if their SAP systems become compromised and operations are disrupted. The cost of an SAP breach can be inconceivable. And yet, it may be one of the most under scrutinized areas in IT security from a business continuity perspective. Everyday our services team sees the real-world impact of breaches to organization’s SAP systems. This in mind, our consensus is that it is imperative to not only be able to detect a potential attack, but to have a response plan in place in case an attack still occurs. Responding quickly is where many organizations reach out to Onapsis for expert advice.
What we see is that there is a tendency amongst organizations to think that once a year is enough to perform a security assessment of SAP systems. More often than not, it’s assumed that Segregation of Duties and/or basic perimeter defenses are enough to protect systems from intrusion, and that penetration tests are only a necessary evil – for when internal auditors are requesting an update. However, with the “Bad Guys” getting more intelligent about business-critical systems, their ability to exploit these systems is becoming more and more advanced.
If you’ve taken a look at major headlines recently, you’ve likely noticed the staggering number of corporations who’ve suffered large-scale data breaches. Many of these breaches were targeted at SAP and other business-critical applications. The impact of these breaches could have been minimized and potentially avoided had there been proper security measures in place for continuously monitoring their business-critical applications. As attacks of this nature will continue to evolve in complexity, it is absolutely imperative to have a preventative, systematic approach to SAP security in place in order to help your organization avoid interruptions to its business and incur huge financial liabilities.